Patches released for Freak flaw
#1
Patches released for Freak flaw by Microsoft and Apple

[Image: SpGONCe.jpg]
The Freak flaw can be exploited to help hackers decrypt scrambled communications

Microsoft and Apple have released software fixes for a web browser bug that could let hackers spy on supposedly secure communications.

The updates have been made available about a week after the so-called Freak flaw was made public, and require users to restart their computers and smartphones after installation.

Google patched its Chrome browser and distributed an Android fix last week.

However, the Blackberry 10 browser remains vulnerable.

The Freak flaw was discovered by encryption and security expert Karthikeyan Bhargavan and made public on 3 March.

It lets attackers force data travelling between a vulnerable site and a visitor to use weak encryption.

The theory is that if a hacker combines the technique with what is referred to as a man-in-the-middle attack - allowing them to intercept data - they would find it relatively easy to decrypt the transmission, exposing secrets users had believed to be safe.

A group set up to monitor the impact of the Freak flaw suggested that about 9.5% of the web's top one million websites were susceptible to such attacks.

It has issued a tool that alerts users as to whether their browser is vulnerable.

One cybersecurity expert said the major companies had reacted relatively quickly to the problem.

"Taken as a whole this is a rapid response," said Rik Ferguson, director of security research at Trend Micro.

"A large number of users have the opportunity for protection now, but there's a big difference between the date when a patch is released and when it is implemented.

"Not everyone is going to download and apply the Microsoft, iOS and Mac patches straight away.

"And Android is particularly problematic because Google has to rely on handset manufacturers, and in some cases carriers as well, to make sure the patch gets out to end users.

"This is a textbook example of why a patch isn't the end of the problem."

source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Windows 10 to be released in July Scrumptious 1 14,204 Oct 21, 2015, 02:39 am
Last Post: willieaames
  Millions at risk from 'Freak' bug Scrumptious 0 12,246 Mar 07, 2015, 07:07 am
Last Post: Scrumptious



Users browsing this thread: 1 Guest(s)