FREAK flaw in OS X and iOS leaves devices vulnerable to attack


A US government ban on the export of strong encryption technologies, lifted in the late 90s, is currently causing a stir. The weak encryption it required has survived until today, even in the latest software.

As the Washington Post reports (via MacRumors), technology companies have been working for some time to get the server side of the problem under control. Security experts gave the vulnerability the name “FREAK” (short for “Factoring Attack on RSA-EXPORT keys”).

The origin of the vulnerability lies in an old export ban by the US government, which forbade companies from offering software with strong encryption outside the United States. Although the ban was lifted at the end of the 90s, the software published with the weak 512-bit encryption still exists today and has also found its way back into the US.

Nadia Heninger, a cryptography expert at the University of Pennsylvania, called the flaw a “zombie from the 90s”. Heninger was able to calculate the key within 7 hours. With the key in hand, a supposedly secure connection can be undermined.

In testing by the University of Michigan, more than a quarter of the tested sites were susceptible to the problem, including FBI.gov, Whitehouse.gov and NSA.gov. While the first two have now been secured, the latter is still vulnerable.

The vulnerability received unwanted attention through a blog post by Akamai. Security experts had informed both governments and companies about the problem in recent weeks and had hoped the gaps would be closed before the public and potential attackers learned of it.

Apple plans to provide an update for OS X and iOS in the coming week, according to the company’s spokeswoman Trudy Miller. Whether this will take the form of iOS 8.1.4 or come directly with the update to iOS 8.2 is unclear. However, rumors from last week suggest that Apple will release iOS 8.2 directly, possibly as part of the “Spring Forward” event next Monday.

Google’s Android browser is also affected, but not Chrome. When the company will publish an update to its software is currently unknown.
