“Security researchers have discovered a crippling OpenSSL bug in Apple and Google devices, as well as many high profile websites, which could allow “man in the middle” attacks,” Derek Erwin writes for Intego. “hese attacks can occur when Apple users are on public Wi-Fi networks, where they can be fooled into connecting to rogue servers claiming to belong to someone else.”
“The ‘FREAK’ vulnerability (CVE-2015-0204), short for Factoring attack on RSA-EXPORT Keys, makes it possible for attackers to decrypt and monitor HTTPS-protected traffic,” Erwin writes. “A FREAK attack is possible when someone with a vulnerable device — Mac OS X computers, iOS and Android devices — connects to an HTTPS-protected website configured to use an easily breakable key once thought to be dead. It requires that the attacker be in a position where they can intercept packets between the endpoint device and the HTTPS-protected website.”
The full article explains how to tell if a website is vulnerable, how to tell if your browser is vulnerable, and what can you do to stay protected until Apple delivers the fix. Read it here.
Related article:
‘FREAK’ flaw undermines security for hundreds of thousands of supposedly secure Web sites, including Whitehouse.gov, NSA.gov and FBI.gov – March 3, 2015