Microsoft and Apple patch FREAK bug – now you’ve got to update

Tech giants address the flaw that downgrades security of Android, iOS, Windows and OSX

Microsoft and Apple have moved to stem the bleeding caused by the FREAK vulnerability, releasing patches for the bug.

The tech giants are just two of the firms whose software FREAK has weakened, after the decade-old SSL vulnerability only came to light this month.

FREAK, an acronym for Factoring Attack on RSA-EXPORT Keys, was the US government's effort in the 1990s to downgrade encryption on exports during the 1990s.

It allows hackers to weaken software security from "strong RSA" to "export grade", according to Matthew Green, a research professor at Johns Hopkins University, one of the researchers who helped uncover the flaw.

Redmond admitted last week that all versions of Windows were susceptible to the bug, while it has also left Android and iOS devices at risk of hacking for a decade.

Now however, Apple and Microsoft have joined Google in patching the flaw.

Security researcher Graham Cluley wrote in a blog post: "Apple appears to have resolved the FREAK vulnerability for its users in a relatively short amount of time."

Apple's Security Update 2015-002 protects the Mac's OSX operating system, while similar patches address the vulnerability in iOS and Apple TV, too.

Meanwhile, Microsoft has issued 14 security bulletins for this month's Patch Tuesday, one of which specifically addresses FREAK.

Alan Bentley, international senior vice president at IT security firm Heat Software, said: "Now that Apple and Microsoft have made fixes available, the onus is on organisations to address the vulnerability.

"Failure to apply the appropriate patch will mean organisations are knowingly leaving their back doors open and allowing hackers access to their personal and private data."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Cyber criminals bypassing MFA to access cloud service accounts
two-factor authentication (2FA)

Cyber criminals bypassing MFA to access cloud service accounts

14 Jan 2021
Capcom data breach adds another 40,000 estimated victims
data breaches

Capcom data breach adds another 40,000 estimated victims

13 Jan 2021
Website problems slow coronavirus vaccine rollout
hacking

Website problems slow coronavirus vaccine rollout

6 Jan 2021

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021
BT faces £600m class-action lawsuit for 'overcharging'
Policy & legislation

BT faces £600m class-action lawsuit for 'overcharging'

18 Jan 2021