Apple secures Safari against FREAK attacks
Apple on Monday patched the FREAK flaw in both OS X and iOS, issuing updates for both operating systems to protect users of its Safari browser.
In a pair of accompanying advisories, Apple noted the FREAK fix as one of several in iOS 8.2 and OS X Yosemite, Mavericks and Mountain Lion. The OS X update was labeled 2015-002 to identify it as a multi-edition fix.
“Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites,” Apple stated in both advisories. “This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.”