Apple secures Safari against FREAK attacks

Apple on Monday patched the FREAK flaw in both OS X and iOS, issuing updates for both operating systems to protect users of its Safari browser.

In a pair of accompanying advisories, Apple noted the FREAK fix as one of several in iOS 8.2 and OS X Yosemite, Mavericks and Mountain Lion. The OS X update was labeled 2015-002 to identify it as a multi-edition fix.

“Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites,” Apple stated in both advisories. “This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.”

To read this article in full or to leave a comment, please click here

Read more: Apple secures Safari against FREAK attacks

Story added 10. March 2015, content source with full text you can find at link above.