FREAK Stories March 10, 2015

Apple pushes security updates to iOS and OS X, ending FREAK vulnerability

Apple has pushed security updates to both iOS and OS X, ending their vulnerability to the FREAK exploit, which allowed hackers access to personal data during encrypted sessions on a number of major websites. Android and Windows devices were also vulnerable.

At the time the exploit was discovered, affected websites included American Express, Airtel, Bloomberg, Business Insider, Groupon, Marriott and, ironically, the FBI, NSA and White House sites. Hackers could force the sites to use a less-secure form of encryption that could be relatively easily cracked. Apple’s fix prevents iOS and OS X from using the lower level of encryption even if the site requests it.

The fix is included in iOS 8.2, released yesterday. iOS 8.2 added support for the Apple Watch, improved the Health app and fixed a number of bugs, including an SMS reboot. It was also rolled into today’s Apple TV 7.1 update. The OS X fix is available as a standalone software update. From the Apple menu, select App Store then the Updates tab; a restart is required.

FREAK Stories March 4, 2015

Cryptographers have discovered that a security flaw dating back to the ’90s is placing OS X, iOS and Android users at risk from hacking attacks when visiting some major websites, including American Express, Airtel, Bloomberg, Business Insider, Groupon, Marriott and many more.

The FREAK exploit allows an attacker to force a website to use lower-grade encryption for HTTPS connections, which can be cracked within a few hours when using a small botnet of just 75 computers. Once cracked, attackers would be able to hack the website as well as steal personal data from those visiting the site …
