Apple and Google plan fix next week for newly uncovered Freak security bug

BOSTON: Apple Inc and Google Inc said on Tuesday that they have developed fixes to mitigate the newly uncovered 'Freak' security flaw affecting mobile devices and Mac computers.

The vulnerability in web encryption technology could enable attackers to spy on communications of users of Apple's Safari browser and Google Inc's Android browser, according to researchers who uncovered the flaw.

Apple spokesman Ryan James said the computer had developed a software update to remediate the vulnerability, which would be pushed out next week.

Google spokeswoman Liz Markman said the company had also developed a patch, which it has provided to partners. She declined to say when users could expect to receive those upgrades.

Google typically does not directly push out Android software updates. Instead they are handled by device makers and mobile carriers.

The Washington Post reported that the bug left users of Apple and Google devices vulnerable to cyberattack when visiting hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov. http: (wapo.st/18KaxIA)

Whitehouse.gov and FBI.gov have been fixed, but NSA.gov remains vulnerable, the paper cited Johns Hopkins cryptographer Matthew D. Green as saying.

A group of nine researchers discovered that they could force web browsers to use an form of encryption that was intentionally weakened to comply with U.S. government regulations that ban American companies from exporting the strongest encryption standards, according to the paper.

Once they caused the site to use the weaker export encryption standard, they were then able to break the encryption within a few hours. That could allow hackers to steal data and potentially launch attacks on the sites themselves by taking over elements on a page, the newspaper reported.

Markman said that Google advises all websites to disable support for the less-secure, export-grade encryption.

"Android's connections to most websites - which include Google sites, and others without export certificates - are not subject to this vulnerability," she added.

The group of researchers dubbed the flaw Freak, for "Factoring RSA-EXPORT Keys," according to a website where they described the vulnerability.- Reuters

Limited time offer:
Just RM5 per month.

Monthly Plan

RM13.90/month
RM5/month

Subscribe

Billed as RM5/month for the 1st 6 months then RM13.90 thereafters.

Annual Plan

RM12.33/month

Billed as RM148.00/year

Subscribe

1 month

Free Trial

For new subscribers only

Subscribe
Cancel anytime. No ads. Auto-renewal. Unlimited access to the web and app. Personalised features. Members rewards.
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

apple , google , bug , fix , freak-stocks , shares , dow , s^&p ,

   

Report it to us.

Next In Business News
Nasdaq, S&P set to open higher on tech boost, earnings glee
Sasbadi reports highest ever quarterly revenue
Aneka Jaringan leverages order book for growth
Chin Hin Group to develop two lands with combined GDV of RM1.08bil
CLMT 1Q net profit rises to RM33.49mil on higher occupancies, positive rental reversions
Ringgit ends marginally lower on firmer US dollar index
MoF: Govt to establish high-level facilitation platform to oversee potential, approved strategic investments
Meta Bright signs RM24mil leasing contract with Australia company
OCR Group to develop RM313mil residential project in Rawang
Legacy Credit emerges as substantial shareholder in VCI Global

Trending in Biz News

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.