Tech giants rush to stamp out 'Freak'
Apple, Google and Microsoft are rushing to patch a serious mobile security flaw.
The newly uncovered “Freak” loophole lets hackers spy on communications through the Safari and Chrome browsers, and could allow attacks on Microsoft PCs too.
Apple and Google say they have developed fixes to mitigate the bug, while Microsoft has acknowledged that hundreds of millions of Windows users are also at risk.
The vulnerability comes from encryption technology that has been intentionally weakened in line with US government regulations that ban exports of better encryption software.
Security researchers discovered that the flaw allowed them to force web browsers to use the weaker forms of encryption.
They were able to cause a site to use weaker export encryption standards, and could easily break the encryption in just a few hours.
US media reports say the Freak bug leaves Apple and Google devices open to cyber-attack when visiting websites including Whitehouse.gov, NSA.gov and FBI.gov.
Apple says it has developed a software update to fix the vulnerability, to be pushed out this week.
Google says it has a patch too, but it would be up to individual device-makers and mobile carriers to roll it out.
Microsoft says it can inform system administrators of ways to disable weaker encryption settings on Windows servers, but it has no security update to protect Windows users.
Whitehouse.gov and FBI.gov have been fixed, but NSA.gov remains vulnerable, the Washington Post cites cryptographer Matthew D Green as saying.