Apple issues OS X security update with fix for 'FREAK attack'

Security Update 2015-002 fixes issues on OS X Yosemite 10.10.2, as well as OS X 10.8.5 and 10.9.5. Issues addressed include a bug that would allow a malicious or compromised application to find the address of the kernel, as well as an issue that could allow programs to run arbitrary code with systems privileges.

Apple detailed their fix for these problems, along with the "FREAK attack" on their support page:

Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.

For more on this security update, you can see Apple's support documentation at the link below.

Source: Apple Support

Joseph Keller

Joseph Keller is the former Editor in Chief of iMore. An Apple user for almost 20 years, he spends his time learning the ins and outs of iOS and macOS, always finding ways of getting the most out of his iPhone, iPad, Apple Watch, and Mac.