Apple addresses 'FREAK' attack in latest OS X, Apple TV and iOS security updates

Apple on Monday rolled out a security update for OS X, as well as separate updates for iOS and Apple TV, that addresses a number of recently discovered vulnerabilities, including a widely publicized SSL/TLS flaw dubbed "FREAK" that could in some cases allow malicious users to intercept secure communications.
Highlighted in a report last week, "FREAK," or "Factoring RSA Export Keys," is a flaw recently discovered in certain implementations of the SSL and TLS cryptographic protocols.
Because Apple's Safari, like other Web browsers, relies on these secure connections to transfer data, FREAK leaves systems open to so-called man-in-the-middle attacks that force clients to use a weaker form of encryption than requested during communication sessions. According to Apple, the flaw only affected connections to servers that run certain RSA cipher suites. To rectify the issue, Apple removed support for ephemeral RSA keys, the basis of the vulnerability.
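An added example, not from Apple or the original article: a simplified Python model of the client-side check that removing ephemeral RSA support implies, shown beside the lenient behaviour it replaces. The `ServerFlight` type, the function names and the sample handshakes are constructed for illustration, and the model assumes the standard TLS rule that a plain RSA key exchange carries no ServerKeyExchange message.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Key-exchange type for a few standard cipher suite names (subset, for illustration).
KEY_EXCHANGE = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": "RSA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": "RSA_EXPORT",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE_RSA",
}
# ServerKeyExchange payload each key exchange permits; None means "must be absent".
# RSA_EXPORT has no entry: with ephemeral RSA removed, those suites are unsupported.
ALLOWED_SKE = {"RSA": None, "ECDHE_RSA": "ecdhe"}

@dataclass
class ServerFlight:  # hypothetical model of what the client receives
    chosen_suite: str
    ske_kind: Optional[str] = None  # "rsa_temp", "ecdhe", or None if not sent
    rsa_bits: int = 0               # modulus size when ske_kind == "rsa_temp"

def lenient_client(offered: List[str], flight: ServerFlight) -> Tuple[bool, str]:
    """Pre-fix behaviour: uses a temporary RSA key whenever the server sends one."""
    if flight.chosen_suite not in offered:
        return False, "server chose a suite the client did not offer"
    if flight.ske_kind == "rsa_temp":
        return True, f"premaster secret protected by {flight.rsa_bits}-bit temporary key"
    return True, "handshake continues with the negotiated key exchange"

def strict_client(offered: List[str], flight: ServerFlight) -> Tuple[bool, str]:
    """Post-fix behaviour: ServerKeyExchange must match the negotiated suite."""
    if flight.chosen_suite not in offered:
        return False, "server chose a suite the client did not offer"
    kx = KEY_EXCHANGE.get(flight.chosen_suite)
    if kx not in ALLOWED_SKE:
        return False, f"key exchange {kx} is not supported"
    if flight.ske_kind != ALLOWED_SKE[kx]:
        return False, f"unexpected ServerKeyExchange ({flight.ske_kind}) for {kx}"
    return True, "handshake continues with the negotiated key exchange"

# Constructed sample flights, not captured traffic.
OFFERED = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"]
DOWNGRADED = ServerFlight("TLS_RSA_WITH_AES_128_CBC_SHA", "rsa_temp", 512)
NORMAL_RSA = ServerFlight("TLS_RSA_WITH_AES_128_CBC_SHA")
NORMAL_ECDHE = ServerFlight("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ecdhe")

if __name__ == "__main__":
    for name, flight in [("downgraded", DOWNGRADED), ("rsa", NORMAL_RSA), ("ecdhe", NORMAL_ECDHE)]:
        print(name, lenient_client(OFFERED, flight), strict_client(OFFERED, flight))
```

The strict client rejects the temporary key because it does not belong to the negotiated key exchange, so legitimate RSA and ECDHE handshakes are unaffected.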
According to Apple's dedicated security updates webpage, FREAK affected not only OS X, but iOS and Apple TV as well. Apple addressed the issue with iOS 8.2 earlier today, while the most recent Apple TV 7.1 update takes care of Apple's set-top streamer.
Alongside the FREAK patch are fixes that affect iCloud Keychain, IOAcceleratorFamily, IOSurface and the OS X kernel, Apple said.
Apple's latest OS X Security Update 2015-002 can be downloaded and installed via Software Update.