Cyber Week Sale! 50% Off All Access

Apple, Google Plan Fixes for Newly Uncovered 'Freak' Security Bug The new security flaw is affecting mobile devices and Mac computers.

By Reuters

This story originally appeared on Reuters

Apple Inc and Google Inc said on Tuesday that they have developed fixes to mitigate the newly uncovered 'Freak' security flaw affecting mobile devices and Mac computers.

The vulnerability in web encryption technology could enable attackers to spy on communications of users of Apple's Safari browser and Google Inc's Android browser, according to researchers who uncovered the flaw.

Apple spokesman Ryan James said the computer had developed a software update to remediate the vulnerability, which would be pushed out next week.

Google spokeswoman Liz Markman said the company had also developed a patch, which it has provided to partners. She declined to say when users could expect to receive those upgrades.

Google typically does not directly push out Android software updates. Instead they are handled by device makers and mobile carriers.

The Washington Post reported that the bug left users of Apple and Google devices vulnerable to cyberattack when visiting hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov. http: (wapo.st/18KaxIA)

Whitehouse.gov and FBI.gov have been fixed, but NSA.gov remains vulnerable, the paper cited Johns Hopkins cryptographer Matthew D. Green as saying.

A group of nine researchers discovered that they could force web browsers to use an form of encryption that was intentionally weakened to comply with U.S. government regulations that ban American companies from exporting the strongest encryption standards, according to the paper.

Once they caused the site to use the weaker export encryption standard, they were then able to break the encryption within a few hours. That could allow hackers to steal data and potentially launch attacks on the sites themselves by taking over elements on a page, the newspaper reported.

Markman said that Google advises all websites to disable support for the less-secure, export-grade encryption.

"Android's connections to most websites - which include Google sites, and others without export certificates - are not subject to this vulnerability," she added.

The group of researchers dubbed the flaw Freak, for "Factoring RSA-EXPORT Keys," according to a website where they described the vulnerability.

(Reporting by Jim Finkle; Editing by Christian Plumb, Bernard Orr)

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Growing a Business

This Breakthrough Technology is Poised to Accelerate Your Company's Growth

Discover a breakthrough technology stacked on top of generative AI, now poised to revolutionize businesses across nearly every sector. Unlock unprecedented growth and profitability potential, achieving levels once thought unattainable.

Business News

Google CEO Sundar Pichai Says 'You'll Be Surprised' By How Google Search Changes Next Year

AI has already changed the look of search, but Google's CEO says there are more changes to come.

Business News

'This Is Nuts': TikTok Just Got Closer to Being Banned in the U.S — Here's Why

The TikTok ban could go into effect one day before the inauguration of President-elect Donald Trump.

Business News

Would You Pay $200 for ChatGPT? OpenAI's New Reasoning Model Has a Hefty Price Tag.

At $200 per month, ChatGPT Pro is 10 times more expensive than the popular ChatGPT Plus plan.

Side Hustle

'I Just Hustled': She Earned More Than $300,000 Wrapping Gifts Last Year — and It All Started With a Side Hustle

When Michelle Hensley lost her husband to cancer, she needed to figure out how to earn an income for her family.