Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

Apple plans fix next week for newly uncovered Freak security bug

Published 03/03/2015, 22:13
© Reuters. The leaf on the Apple symbol is tinted green at the Apple flagship store on 5th Ave in New York
GOOGL
-
AAPL
-

BOSTON (Reuters) - Apple Inc (NASDAQ:AAPL) and Google Inc (NASDAQ:GOOGL) said on Tuesday that they have developed fixes to mitigate the newly uncovered 'Freak' security flaw affecting mobile devices and Mac computers.

The vulnerability in web encryption technology could enable attackers to spy on communications of users of Apple's Safari browser and Google Inc's Android browser, according to researchers who uncovered the flaw.

Apple spokesman Ryan James said the computer had developed a software update to remediate the vulnerability, which would be pushed out next week.

Google spokeswoman Liz Markman said the company had also developed a patch, which it has provided to partners. She declined to say when users could expect to receive those upgrades.

Google typically does not directly push out Android software updates. Instead they are handled by device makers and mobile carriers.

The Washington Post reported that the bug left users of Apple and Google devices vulnerable to cyber attack when visiting hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov. http: (wapo.st/18KaxIA)

Whitehouse.gov and FBI.gov have been fixed, but NSA.gov remains vulnerable, the paper cited Johns Hopkins cryptographer Matthew D. Green as saying.

A group of nine researchers discovered that they could force web browsers to use an form of encryption that was intentionally weakened to comply with U.S. government regulations that ban American companies from exporting the strongest encryption standards, according to the paper.

Once they caused the site to use the weaker export encryption standard, they were then able to break the encryption within a few hours. That could allow hackers to steal data and potentially launch attacks on the sites themselves by taking over elements on a page, the newspaper reported.

Markman said that Google advises all websites to disable support for the less-secure, export-grade encryption.

"Android's connections to most websites - which include Google sites, and others without export certificates - are not subject to this vulnerability," she added.

© Reuters. The leaf on the Apple symbol is tinted green at the Apple flagship store on 5th Ave in New York

The group of researchers dubbed the flaw Freak, for "Factoring RSA-EXPORT Keys," according to a website where they described the vulnerability: https://www.smacktls.com.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.