Number: IRCNE2015032440
Date: 2015/03/07
According to CNET, Apple and Google are both working on fixes to a decade-old security flaw that could leave millions of users of the tech titans' mobile web browsers vulnerable to hacking.
The newly discovered encryption flaw known as "FREAK attack" left users of Apple's Safari and Google's Android browsers vulnerable to hackers for more than a decade, researchers told the Washington Post.
Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available, according to the newspaper.
Apple and Google said they were creating software updates to address the vulnerability. Apple told CNET that it would distribute its fix next week, while Google told the newspaper it would provide its update to device makers and wireless carriers.
The flaw surfaced a few weeks ago when a group of researchers discovered they could force websites to use the intentionally weakened encryption, which they were able to break within a few hours. Once a site's encryption was cracked, hackers could then steal data such as passwords and hijack elements on the page, the newspaper reported.
Researchers have been alerting affected government and commercial websites for a few weeks in hopes that corrective measures would be taken before the vulnerability was publicized, the newspaper reported. Whitehouse.gov and FBI.gov have been repaired, but NSA.gov remains vulnerable, researchers told the newspaper.