
Dangerous FREAK vulnerability found in desktop and mobile operating systems

A new vulnerability called FREAK (CVE-2015-0204) has been discovered in the well-known open source software package OpenSSL. It allows attackers to compromise the secure HTTPS connection used by the browser. The vulnerability affects the Google Android and Apple iOS mobile platforms, as well as Apple OS X, because OpenSSL is used there. All supported versions of Microsoft Windows (SA 3046015) are also vulnerable because of a similar vulnerability in Microsoft Schannel.



The fix for OS X and iOS (Safari) will be available to users next week; the same goes for the Google Chrome web browser. For Internet Explorer, a workaround is available in the meantime, described here. Using the FREAK vulnerability, attackers can switch a trusted HTTPS connection between the client and the server to its less secure version, and then decrypt the traffic (the so-called Man-in-the-Middle attack).

Both client and server software are affected by the vulnerability. A list of websites that may be compromised through FREAK is here. The danger of the vulnerability also lies in the fact that, from the point of view of the user's vulnerable web browser, an HTTPS connection compromised by the attacker still remains trusted, and no security warning is shown to the user.

Source: https://habr.com/ru/post/252329/

