Microsoft has finally addressed the FREAK vulnerability in Windows. The company also addressed the Stuxnet security flaw, though that was certainly less of a priority than FREAK. Many pointed out that Safari, Firefox, and Android’s stock browser were the major browsers impacted by the flaw, which could facilitate a man-in-the-middle attack.
Ultimately, the vulnerability compromises the SSL/TLS implementation within the browsers themselves. The flaw is a real security concern, given how many instances there have been of websites, as well as businesses, being compromised. It essentially allows weaker encryption to be used in place of the encryption that a given website would normally use.
This particular bug was found to be decades old, and it even impacted some major websites, such as government-hosted websites, that ideally should be the most secure on the Internet. As this vulnerability showed, even the most secure places on the Internet can have suspect security measures protecting them, and previously unseen flaws can be found at any point.
The good thing about the FREAK flaw is that, to anyone’s knowledge, it was not exploited at all. It will still weigh heavily on the software vendors and companies that allowed this bug to exist and go unnoticed. Some argued that it took companies like Apple and Microsoft too long to respond to the flaw, although Microsoft did put together an update in relatively short order. As of Tuesday, the update corrected the issues within Windows that would allow a bug like this to be exploited.
The Stuxnet flaw had already been patched once, back in 2010. According to security experts, however, that update simply didn’t get the job done, and a lengthier method would still allow the bug to be exploited. Users and consumers alike hope that this will be the end of FREAK once and for all, which would mean one less issue for users to worry about when it comes to security.
You can run the FREAK Test Tool to check whether your web browser is affected or not.