Your #browser may no longer be vulnerable to FREAK attacks, but what about the mobile #apps you use? According to FireEye researchers, who have tested the most popular apps both for #android and for #ios, a considerable number of them are left open to a FREAK attack, as they contain vulnerable versions of the OpenSSL and SecureTransport libraries.
“Even after vendors patch Android and iOS, such apps are still vulnerable to FREAK when connecting to servers that accept RSA_EXPORT cipher suites. That’s why some iOS apps are still vulnerable to FREAK attack after Apple fixed the iOS FREAK vulnerability in iOS 8.2 on March 9,” the researchers explained.
Leave a reply