Attackers can theoretically use FREAK Attack to intercept what should be a secure HTTPS connection — the one with the lock icon in the address bar — and downgrade the encryption to "export-grade", which is much easier to crack. Safari, both on OS X and iOS, among other browsers, can be susceptible to FREAK Attacks, but Apple is aware of the exploit and moving swiftly to patch it:
FREAK Attack stands for "Factoring attack on RSA-EXPORT Keys". The vulnerability has apparently existed for a decade but was only recently discovered and disclosed by researchers. According to the FREAKAttack.com:
Here's what website administrators should do:
They also include a list of websites, some of the internet's largest, known to be vulnerable at the time of the reporting.
The weaker, 512-bit encryption, is called "export-grade" due to a U.S. policy, which ended in the 1990s, that once prohibited the export of strong encryption. It highlights the inherent problem with government demands for lower levels of security and "back doors": Security is only ever as strong as its weakest point. The Wachington Post:
In other words, doors open. It's what they're designed to do.
We'll let everyone know as soon as the iOS and OS X patches are live.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.