Microsoft and Apple patch FREAK bug – now you’ve got to update
Tech giants address the flaw that downgrades security of Android, iOS, Windows and OSX
Microsoft and Apple have moved to stem the bleeding caused by the FREAK vulnerability, releasing patches for the bug.
The tech giants are just two of the firms whose software FREAK has weakened, after the decade-old SSL vulnerability only came to light this month.
FREAK, an acronym for Factoring Attack on RSA-EXPORT Keys, was the US government's effort in the 1990s to downgrade encryption on exports during the 1990s.
It allows hackers to weaken software security from "strong RSA" to "export grade", according to Matthew Green, a research professor at Johns Hopkins University, one of the researchers who helped uncover the flaw.
Redmond admitted last week that all versions of Windows were susceptible to the bug, while it has also left Android and iOS devices at risk of hacking for a decade.
Now however, Apple and Microsoft have joined Google in patching the flaw.
Security researcher Graham Cluley wrote in a blog post: "Apple appears to have resolved the FREAK vulnerability for its users in a relatively short amount of time."
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Apple's Security Update 2015-002 protects the Mac's OSX operating system, while similar patches address the vulnerability in iOS and Apple TV, too.
Meanwhile, Microsoft has issued 14 security bulletins for this month's Patch Tuesday, one of which specifically addresses FREAK.
Alan Bentley, international senior vice president at IT security firm Heat Software, said: "Now that Apple and Microsoft have made fixes available, the onus is on organisations to address the vulnerability.
"Failure to apply the appropriate patch will mean organisations are knowingly leaving their back doors open and allowing hackers access to their personal and private data."
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption
-
Researchers warn millions of RDP and VNC servers are wide open to exploitationNews Researchers at Forescout spotted millions of RDP and VNC servers exposed online
-
Brace yourselves for a vulnerability explosion, Forescout warnsNews AI advances are helping identify software flaws at record pace and scale, but that's not the good news some would think
-
Ubuntu vulnerability exposes enterprises to root escalation, complete system compromiseNews The high-severity Ubuntu vulnerability allows an unprivileged local attacker to escalate privileges through the interaction of two standard system components
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security
