Emsisoft | Cybersecurity Blog

The end of FREAK: Massive SSL vulnerability finally patched


Ever since the discovery of FREAK, security experts at Microsoft, Apple and Google have been scrambling for a fix. This major SSL vulnerability allowed hackers to force a browser to use weak 512-bit encryption keys that could be cracked easily, opening the door to a man-in-the-middle attack. The good news is that all three companies have finally released patches that make “FREAK” nothing more than a horror of the past.

Google, Apple and Microsoft all released fixes

Google was the first company to issue a fix for the SSL vulnerability, which means Android users with up-to-date devices are secure.

Apple joined in with updates for iOS and OS X on consecutive days. Apple’s Security Update 2015-002 covers Mountain Lion 10.8.5 through Yosemite 10.10.2 and eliminates the FREAK vulnerability for Safari and OS X. As for other browsers, Firefox was safe to begin with and Chrome received a quick fix. A security fix for iOS, which was part of the iOS 8.2 update, brings iPad and iPhone users into the realms of safety as well.

Microsoft also recently patched this vulnerability for Internet Explorer (and thus Windows). The fix for the SSL-crippling FREAK, called MS15-031, was included in the monthly security update for March. The update is available for all supported versions of Windows, including the popular Windows 7 and Windows 8.1.

The FREAK vulnerability, which existed for over a decade, is a prominent example of why security should never be taken lightly or compromised for small gains. An open window may act as a shortcut into a house (your data), but it also gives wolves (hackers) an easy entrance. Government policy should never inhibit security, as even minor issues in this field can get out of hand quickly. The FREAK flaw could have been exploited on a large scale by hackers and cyber criminals. This would have led to theft and fraud of all sorts. Luckily, Microsoft, Apple and Google stuck to their promises and closed this gaping security hole swiftly.

Have a nice (vulnerability-free) day!
