Apple and Google both announced today that the companies have each developed fixes to help protect users against the newly revealed 'Freak' security flaw, which affects mobile devices and Mac computers.
Technology companies are scrambling to fix a major security flaw that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of supposedly secure Web sites, including Whitehouse.gov, NSA.gov and FBI.gov.
The flaw resulted from a former U.S. government policy that forbade the export of strong encryption and required that weaker "export-grade" products be shipped to customers in other countries, say the researchers who discovered the problem. These restrictions were lifted in the late 1990s, but the weaker encryption got baked into widely used software that proliferated around the world and back into the United States, apparently unnoticed until this year.
The vulnerability in web encryption technology could enable attackers to spy on communications of users of Apple's Safari browser and Google Inc's Android browser, according to researchers who uncovered the flaw. Apple spokesman Ryan James said the computer had developed a software update to remediate the vulnerability, which would be pushed out next week.
Google spokeswoman Liz Markman said the company had also developed a patch, which it has provided to partners. She declined to say when users could expect to receive those upgrades.