Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google Log In with Steam Sign In
  • Create Account
Photo

Apple stops the 'FREAK' in its tracks


  • Please log in to reply
No replies to this topic

#1
OFFLINE   sincity

sincity

    Advanced Member

  • Members
  • PipPipPipPip
  • 2196 posts
63
Getting Better
Apple stops the 'FREAK' in its tracks

Apple has issued a new security update in order to protect its range of products from the so-called "FREAK" vulnerability.

The updates, which cover OS X as well as iOS and AppleTV, address the vulnerability that is able to take advantage of a flaw in SSL/TSL connections and allow secure communications to be manipulated.

FREAK, or factoring attack on RSA-EXPORT keys, allows attackers to decrypt traffic sent over an HTTPS connection between end users and websites. Attackers are able to use the exploit when an end-user using a vulnerable device connects to an HTTPS-protected site that is also vulnerable and the only ones at risk are sites using a weak cipher that was supposed to have been retired a while ago.

How to update

Attackers can manipulate this by introducing a weaker 512-bit encryption key into the protected session and then collecting any information passed over this exchange by using a low-cost method in the cloud.

AppleTV 7.1, iOS 8.2 and Security Update 2015-002 can all be downloaded on the relevant devices and doing so protects against information being pilfered by attackers.

Via: Apple













0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users