FREAK is another serious flaw in the web’s encryption
Experts are warning of a serious security flaw that has apparently gone undetected for years and can weaken encrypted connections between computers and websites, potentially undermining security across the Internet.
The flaw, which has been dubbed FREAK, affects the widely used Secure Sockets Layer protocol and its successor, Transport Layer Security, and can allow an attacker to intercept supposedly encrypted traffic as it moves between clients and servers.
The flaw affects many popular websites, as well as programs including Apple’s Safari browser and Google’s Android mobile OS, security experts say. Applications that use a version of OpenSSL prior to 1.0.1k are also vulnerable to the bug, detailed in this advisory.