Apple has today rolled out an an important security update, addressing numerous security flaws and the overly publicised FREAK attack which has been doing rounds in the cyber security circle for quite some time now (via Apple Insider). The security update has been released for all of Apple’s software – OS X, iOS and Apple TV.
“Factoring RSA Export Keys” or popularly known as “FREAK”, a bug which came under immense spotlight last week, is a flaw discovered in SSL and TLS security protocols. The bug, as reported previously, could allow potential hackers to exploit a victim machine via its browser.
Since we know that all browsers these days depend on SSL and TLS for transmitting secured transmissions, thus Apple’s Safari browser too comes under the scanner. As a result, the Cupertino giant has released a new security patch, which fixes FREAK and a number of other bugs.
Apple says that the flaw affected only those connections to servers, that run certain RSA cipher suites. To rectify the issue, Apple removed support for ephemeral RSA keys altogether, the basis of the vulnerability.
The company also acknowledged that the flaw not only affected OS X devices, but also iOS and Apple TV. The issue with iOS was rectified along with the release of iOS 8.2.
Apple’s latest OS X Security Update 2015-002 can be downloaded and installed via Software Update.