Apple to patch the “FREAK Attack” vulnerability in Safari

Mar 5, 2015 03:51 GMT

According to iMore, Apple plans to release patches for both its iOS mobile operating system and Mac OS X computer operating system sometime next week, in order to address the recently discovered “FREAK Attack” vulnerability, which affects the Safari web browser.

The so-called “FREAK Attack” vulnerability was discovered in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols by researchers on March 3, 2015. An attacker could exploit this vulnerability to intercept an HTTPS (HTTP Secure) connection and force web browsers into a weaker, easier-to-crack encryption state.

Of course, this doesn’t apply to Safari alone, as many other web browsers might be affected by the “FREAK Attack” vulnerability. Apple was among the first to confirm that it would patch its web browser by releasing software updates in the coming days. “We have a fix in iOS and OS X,” an Apple spokesperson told the iMore website.

“FREAK Attack” stands for “Factoring attack on RSA-EXPORT Keys”

“A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204,” the FREAKAttack.com website states. “Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites.”
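The condition quoted above can be written out as a small audit check. This is an added example, not code from FREAKAttack.com or Apple: the three code points are the RSA_EXPORT suites defined in RFC 2246, while the function names and the sample ClientHello bytes are constructed for illustration.

```python
# Added example: audit helper for the condition quoted from FREAKAttack.com.
# RSA_EXPORT cipher suites and their code points as defined in RFC 2246.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def parse_cipher_suites(vector):
    """Decode a ClientHello cipher_suites vector: 2-byte length, then 2-byte IDs."""
    if len(vector) < 2:
        raise ValueError("cipher_suites vector is truncated")
    length = int.from_bytes(vector[:2], "big")
    body = vector[2:]
    if length % 2 or length != len(body):
        raise ValueError("cipher_suites length field does not match the data")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(0, length, 2)]


def rsa_export_names(suite_ids):
    """Return the names of any RSA_EXPORT suites present in suite_ids."""
    return [RSA_EXPORT_SUITES[s] for s in suite_ids if s in RSA_EXPORT_SUITES]


def connection_vulnerable(server_accepts, client_offers, client_has_cve_2015_0204):
    """Apply the quoted rule: the server must accept an RSA_EXPORT suite, and the
    client must either offer one or run a TLS stack affected by CVE-2015-0204."""
    if not rsa_export_names(server_accepts):
        return False
    return bool(rsa_export_names(client_offers)) or bool(client_has_cve_2015_0204)


if __name__ == "__main__":
    # Constructed sample vector: length 6, then suites 0xC02F, 0x0003, 0x0035.
    offered = parse_cipher_suites(bytes.fromhex("0006c02f00030035"))
    print("RSA_EXPORT suites offered by client:", rsa_export_names(offered))
    # Constructed server list: one export suite plus TLS_RSA_WITH_AES_128_CBC_SHA.
    print("vulnerable:", connection_vulnerable([0x0003, 0x002F], offered, False))
```

Removing the export suites from the server's accepted list makes `connection_vulnerable` return `False` regardless of the client, which is why disabling RSA_EXPORT on servers protects unpatched clients as well.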

As you might know, both Mac OS X 10.10.3 and iOS 8.2 are in Beta stages at the moment of writing this article. We reported last week that iOS 8.2 might be released before the Apple Watch event on March 9, but it remains to be seen when exactly Apple will offer the final versions of these maintenance releases to fix the controversial vulnerability. We will keep you informed in this space as soon as Apple releases patches for Mac OS X and iOS.