{"id":38236,"date":"2015-03-10T15:30:27","date_gmt":"2015-03-10T22:30:27","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=38236"},"modified":"2016-10-07T11:27:08","modified_gmt":"2016-10-07T18:27:08","slug":"apple-releases-freak-fix-for-os-x-ios-and-apple-tvs","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-freak-fix-for-os-x-ios-and-apple-tvs\/","title":{"rendered":"Apple Releases FREAK Fix for OS X, iOS and Apple TVs"},"content":{"rendered":"

\"AppleAmongst all the hullabaloo about the new Apple Watch, you might have missed that Apple has also released a patch for the FREAK vulnerability.<\/p>\n

The FREAK (Factoring attack on RSA-EXPORT Keys, also known as CVE-2015-0204) vulnerability, short for Factoring attack on RSA-EXPORT Keys, could make it possible for an attacker to decrypt and monitor your HTTPS-protected communications<\/a>.<\/p>\n

The problem wasn’t just limited to users of Apple devices and operating systems. For instance, last week Microsoft revealed that Windows users were also at risk<\/a> from the flaw which has lain unnoticed for years.<\/p>\n

The good news is that today Apple pushed out security update 2015-002<\/a> for OS X users, and similar patches for Apple TV<\/a> and iOS<\/a>.<\/p>\n

\"OS<\/p>\n

Here’s what Apple had to say about the FREAK fix for OS X:<\/p>\n

Secure Transport<\/strong>
\nAvailable for:<\/strong> OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2<\/p>\n

Impact:<\/strong> An attacker with a privileged network position may intercept SSL\/TLS connections<\/p>\n

Description:<\/strong> Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.<\/p><\/blockquote>\n

We should be grateful that Apple appears to have resolved the FREAK vulnerability for its users in a relatively short amount of time.<\/p>\n

Of course, this isn’t the only security patch included in the latest updates for OS X, iOS and Apple TV.<\/p>\n

For instance, the latest iOS update includes a fascinating fix for a vulnerability that could have allowed hackers to remotely restart a victim’s iPhone<\/a> by sending a specially-crafted SMS message.<\/p>\n

But none of the other bugs are likely to make the same number of headlines as FREAK achieved when it was revealed earlier this month.<\/p>\n

For once I feel I’m quite entitled to suggest that you update your computers, your smartphones and your Apple TV with the latest security patches and then… “get the freak out.” \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"

Get the FREAK out of here! Apple releases security update for SSL-busting vulnerability.<\/p>\n","protected":false},"author":34,"featured_media":38242,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[5],"tags":[3151,24,2023,69,168,144],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n