On March 3rd, it was announced that FREAK (Factoring attack on RSA-EXPORT Keys) put both Apple Safari and Android Chrome browsers at risk. If you’re just hearing about this exploit now, in a nutshell, it’s a weak encryption scheme from the 90s that makes your Apple Safari and Android Chrome browser sessions susceptible to spying and other mischief, namely from organizations like the NSA, who were instrumental in creating this weakness as a way to get into your system by leaving a backdoor.
While Apple has promised to push out updates to both iOS and OS X, Google has to rely on its partners to push out Android updates (with the exception of Nexus devices). The easy solution is to simply stop using Chrome and use Mozilla Firefox instead. However, the elephant in the room is Microsoft, and they have finally, reluctantly, admitted that FREAK affects them as well.
In a recent Microsoft Security Advisory, the company admitted that all currently supported releases of Windows are impacted by FREAK. So pretty much every PC on the planet running Vista and above is affected. Since PCs can’t claim security by obscurity like Macs, this could potentially be, and still may be, a real problem. The cause is a security library in the OS that handles SSL and TLS, so Internet Explorer users beware. However, using Mozilla Firefox looks like a short-term preventive measure for bolstering the security of browsing sessions, for now.
The above-mentioned advisory does give a workaround for any OS from Vista and above, but Windows Server 2003 is still affected. So most of us should be OK for the time being. However, the less tech-savvy folks out there will have to wait for Microsoft to patch it as part of their regular monthly updates. So between now and then, users unaware of this issue could potentially be wide open.