The end of FREAK: Massive SSL vulnerability finally patched

Ever since the discovery of FREAK, security experts at Microsoft, Apple and Google have been scrambling for a fix. This major SSL vulnerability allowed hackers to force a browser to use weak 512-bit encryption keys that could be cracked easily, leading to a man-in-the-middle attack. The good news is that all three companies have finally released patches that make “FREAK” nothing more than a horror of the past.

Google, Apple and Microsoft all released fixes

Google was the first company to issue a fix for the SSL vulnerability, which means Android users with up-to-date devices are secure.

Apple joined in with updates for iOS and OS X on consecutive days. Apple’s Security Update 2015-002 stretches from Mountain Lion 10.8.5 to Yosemite 10.10.2 and eliminates the FREAK vulnerability for Safari and OS X. As for other browsers, Firefox was safe to begin with and Chrome received a quick fix. A security fix for iOS, which was part of the iOS 8.2 update, brings iPad and iPhone users into the realm of safety as well.

Microsoft also recently patched this vulnerability for Internet Explorer (and thus Windows). The fix for the SSL-crippling FREAK flaw, called MS15-031, was included in the monthly security update for March. The update is available for all supported versions of Windows, including the popular Windows 7 and Windows 8.1.

The FREAK vulnerability that existed for over a decade is a prominent example of why security should never be taken lightly or compromised for small gains. An open window may act as a shortcut into a house (your data) but it also gives wolves (hackers) an easy entrance. Government policy should never inhibit security as even minor issues in this field can get out of hand quickly. The FREAK flaw could have been exploited on a large scale by hackers and cyber criminals. This would have led to thefts and frauds of all sorts. Luckily, Microsoft, Apple and Google stuck to their promises and closed out this gaping security hole swiftly.

Have a nice (vulnerability-free) day!

  • Glenn McGrew II

    Just to reiterate this important point: FREAK is a thing of the past… if you’ve updated your machine… and if you’re running software that is supported by the fix!