More and more security threats are discovered on a regular basis, and now it’s turn for a “Freak” vulnerability — that’s actually its name — for Android and Mac to come out of hiding. According to Re/code, both Google and Apple are aware of the situation, and have developed fixes to patch the Freak.
The security exploit would apparently allow third parties to spy on Android browser and Safari users, according to researchers who have studied it.
A report from The Washington Post revealed that Android and Mac users visiting several “hundreds of thousands of websites” have been at risk. The list of websites also includes the official Whitehouse.gov, NSA.gov and FBI.gov. Of those, NSA.gov still remains vulnerable.
Apparently, the security flaw has been out in the wild for more than a decade, and is an unwanted effect of a previous U.S. encryption-related policy that forbid the export of the strongest encryption technology to other countries, which instead received weaker solutions. Those tools became widely used even after restrictions were lifted, leading to the discovery of Freak
What the researchers found was that they could force web browsers to use a weaker form of encryption which could be then broken in a few hours. Hackers could then spy on users to steal data, or even attack the sites in question.
Google said the company has developed a patch, which has been delivered to its partners, but it’s up to them to push security update to users. Meanwhile, Apple will push the security patch for Macs at some point next week.
More details about Freak for Android and Mac are available at the source links.