Jump to content

Apple, Google, Microsoft scramble to develop fix to stop 'Freak' flaw


Recommended Posts

contraman

Apple and Google say they have developed fixes to mitigate the newly uncovered "Freak" security flaw affecting mobile devices and Mac computers.


Initially thought to be immune, Microsoft released an advisory which warned hundreds of millions of Windows PC users are also vulnerable to the security vulnerability.


The weakness in web encryption technology could enable attackers to spy on communications of users of Apple's Safari browser and Google's Android browser, according to researchers who uncovered the flaw.


The vulnerability could allow attacks on Microsoft PCs that connect with servers configured to use encryption technology intentionally weakened to comply with US government regulations banning exports of the strongest encryption.


Apple spokesman Ryan James said the computer company had developed a software update to remediate the vulnerability, which would be pushed out next week.


Google spokeswoman Liz Markman said the company had also developed a patch, which it has provided to partners. She declined to say when users could expect to receive those upgrades.


Google typically does not directly push out Android software updates. Instead they are handled by device makers and mobile carriers.


Microsoft advised system administrators to employ a workaround to disable settings on Windows servers that allow use of the weaker encryption.


It said it was investigating the threat and had not yet developed a security update that would automatically protect Windows PC users from the threat.


"Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers," it said.Apple and Google say they have developed fixes to mitigate the newly uncovered "Freak" security flaw affecting mobile devices and Mac computers.


Initially thought to be immune, Microsoft released an advisory which warned hundreds of millions of Windows PC users are also vulnerable to the security vulnerability.


The weakness in web encryption technology could enable attackers to spy on communications of users of Apple's Safari browser and Google's Android browser, according to researchers who uncovered the flaw.


The vulnerability could allow attacks on Microsoft PCs that connect with servers configured to use encryption technology intentionally weakened to comply with US government regulations banning exports of the strongest encryption.


Apple spokesman Ryan James said the computer company had developed a software update to remediate the vulnerability, which would be pushed out next week.


Google spokeswoman Liz Markman said the company had also developed a patch, which it has provided to partners. She declined to say when users could expect to receive those upgrades.


Google typically does not directly push out Android software updates. Instead they are handled by device makers and mobile carriers.


Microsoft advised system administrators to employ a workaround to disable settings on Windows servers that allow use of the weaker encryption.


It said it was investigating the threat and had not yet developed a security update that would automatically protect Windows PC users from the threat.


"Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers," it said.


:link: 


Link to post
Share on other sites
Davaoeno

To check if your browser is safe from this issue, visit the vulnerability scanning service FREAKAttack.

Link to post
Share on other sites

So the U.S. government says to Apple and Google you can't use good encryption. Then hackers exploit it.

 

Insanity abounds.

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use, Privacy Policy and Guidelines. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..