Microsoft and Apple patch FREAK bug – now you’ve got to update

Tech giants address the flaw that downgrades security of Android, iOS, Windows and OSX

Microsoft and Apple have moved to stem the bleeding caused by the FREAK vulnerability, releasing patches for the bug.

The tech giants are just two of the firms whose software FREAK has weakened, after the decade-old SSL vulnerability only came to light this month.

FREAK, an acronym for Factoring Attack on RSA-EXPORT Keys, was the US government's effort in the 1990s to downgrade encryption on exports during the 1990s.

It allows hackers to weaken software security from "strong RSA" to "export grade", according to Matthew Green, a research professor at Johns Hopkins University, one of the researchers who helped uncover the flaw.

Redmond admitted last week that all versions of Windows were susceptible to the bug, while it has also left Android and iOS devices at risk of hacking for a decade.

Now however, Apple and Microsoft have joined Google in patching the flaw.

Security researcher Graham Cluley wrote in a blog post: "Apple appears to have resolved the FREAK vulnerability for its users in a relatively short amount of time."

Apple's Security Update 2015-002 protects the Mac's OSX operating system, while similar patches address the vulnerability in iOS and Apple TV, too.

Meanwhile, Microsoft has issued 14 security bulletins for this month's Patch Tuesday, one of which specifically addresses FREAK.

Alan Bentley, international senior vice president at IT security firm Heat Software, said: "Now that Apple and Microsoft have made fixes available, the onus is on organisations to address the vulnerability.

"Failure to apply the appropriate patch will mean organisations are knowingly leaving their back doors open and allowing hackers access to their personal and private data."

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Sitecore XP RCE flaw is being actively exploited, ACSC warns
vulnerability

Sitecore XP RCE flaw is being actively exploited, ACSC warns

9 Nov 2021
Patch management vs vulnerability management
enterprise security

Patch management vs vulnerability management

14 Sep 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Australia film archive gets $41.9 million to digitise audiovisual heritage
digitisation

Australia film archive gets $41.9 million to digitise audiovisual heritage

6 Dec 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021