apple micrososft

Patches released for Freak flaw by Microsoft and Apple

Patches released for Freak flaw by Microsoft and Apple

Microsoft and Apple have released software fixes for a web browser bug that could let hackers spy on supposedly secure communications.

The updates have been made available about a week after the so-called Freak flaw was made public, and require users to restart their computers and smartphones after installation.

Google patched its Chrome browser and distributed an Android fix last week.

However, the Blackberry 10 browser remains vulnerable.

The Freak flaw was discovered by encryption and security expert Karthikeyan Bhargavan and made public on 3 March.

It lets attackers force data travelling between a vulnerable site and a visitor to use weak encryption.

The theory is that if a hacker combines the technique with what is referred to as a man-in-the-middle attack – allowing them to intercept data – they would find it relatively easy to decrypt the transmission, exposing secrets users had believed to be safe.

A group set up to monitor the impact of the Freak flaw suggested that about 9.5% of the web’s top one million websites were susceptible to such attacks.

It has issued a tool that alerts users as to whether their browser is vulnerable.

One cybersecurity expert said the major companies had reacted relatively quickly to the problem.

“Taken as a whole this is a rapid response,” said Rik Ferguson, director of security research at Trend Micro.

“A large number of users have the opportunity for protection now, but there’s a big difference between the date when a patch is released and when it is implemented.

To read the full story, click here

Blog English, Cyber Security, Industry Updates & News