It’s been hiding in your Safari browser for more than a decade, but researchers just found it, according to a recent article in The Washington Post. Dubbed the “FREAK” flaw, it leaves users of Apple and Google devices vulnerable to hacking whenever they visit millions of sites that are supposed to be secure, including Web pages like Whitehouse.gov, NSA.gov, and FBI.gov.
This flaw is the result of an old U.S. government policy forbidding the export of strong encryption overseas, according to The Washington Post report. This policy has been lifted, but the weaker encryption that was required in products shipped to foreign countries before the late 1990s has been incorporated into widely used software such as the Safari Web browser for Windows, Mac, and iOS as well as Google’s browser for Android devices.
Researchers found that through the exploit, they could force browsers to use the weaker encryption and then crack it in just a few hours. Once the encryption is cracked, hackers are able to steal passwords and other personal data. These researchers called the flaw FREAK, for “Factoring RSA-EXPORT Keys,” according to a Web site that describes the vulnerability.
Apple spokesman Ryan James told Reuters that the software giant has developed a software update to fix the vulnerability and will push out the update sometime next week.