Published in News

Apple fixes a flaw in Macs in just a week

by on04 March 2015


Must be a record

A flaw in Apple Macs is so bad that Apple did not have time to go through its normal ritual of ignoring it and pretending it only effects a small number of users. 

Jobs' Mob announced that the 'Freak' security flaw has been fixed only a few days after it was revealed. The vulnerability in web encryption technology could enable attackers to spy on communications of users of Apple's Safari browser, according to researchers who uncovered the flaw.

Apple spokesman Ryan James said the computer had developed a software update to remediate the vulnerability, which would be pushed out next week.

Google spokeswoman Liz Markman said the company had also developed a patch, which it has provided to partners. She declined to say when users could expect to receive those upgrades. Google typically does not directly push out Android software updates. Instead they are handled by device makers and mobile carriers.

The Washington Post reported that the bug left users of Apple and Google devices vulnerable to cyberattack when visiting hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov. Whitehouse.gov and FBI.gov have been fixed, but NSA.gov remains vulnerable, the paper cited Johns Hopkins cryptographer Matthew D. Green as saying.

A group of nine researchers discovered that they could force web browsers to use an form of encryption that was intentionally weakened to comply with US government regulations that ban American companies from exporting the strongest encryption standards, according to the paper.

Once they caused the site to use the weaker export encryption standard, they were then able to break the encryption within a few hours. That could allow hackers to steal data and potentially launch attacks on the sites themselves by taking over elements on a page, the newspaper reported.

Rate this item
(8 votes)

Read more about: