Apple on March 9 released Security Update 2015-002, fixing five vulnerabilities in the Mac OS X operating system. The company also released iOS 8.2, which provides users with Apple Watch capabilities, as well as six security updates.
The most notable of the updates is one for the so-called FREAK vulnerability (factoring attack on RSA-EXPORT Keys) that was first publicly disclosed on March 3. In Apple’s security update, the fix for FREAK is identified as an update for Apple’s Secure Transport mechanism. The FREAK flaw fix is included in both the OS X and iOS 8.2 security updates.
“Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites,” Apple warned in its advisory. “This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.”
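The check the advisory describes, as an added example that is not Apple's code: in an RSA key-exchange handshake, a ServerKeyExchange carrying an ephemeral RSA key is only defined for export suites, so a client that negotiated a full-strength suite must reject it. The function names and the sample message are hypothetical and constructed for illustration, and the check assumes the suite uses RSA key exchange (not DHE or ECDHE).

```python
from __future__ import annotations
import struct

# RSA key-exchange suite IDs from the TLS cipher-suite registry.
EXPORT_RSA_SUITES = {0x0003, 0x0006, 0x0008}   # TLS_RSA_EXPORT_WITH_*
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F          # a full-strength RSA suite


def parse_server_rsa_params(body: bytes) -> tuple[int, int]:
    """Read ServerRSAParams (modulus, exponent) from a ServerKeyExchange body.

    Each field is a big-endian integer behind a 2-byte length; the
    signature that follows the two fields is ignored here.
    """
    values, off = [], 0
    for name in ("modulus", "exponent"):
        if off + 2 > len(body):
            raise ValueError(f"truncated {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad {name} length {n}")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return values[0], values[1]


def check_handshake(suite: int, ske_body: bytes | None) -> tuple[str, int]:
    """Classify one RSA key-exchange handshake; returns (verdict, key bits).

    ske_body is None when the server sent no ServerKeyExchange, which is
    the only valid case for a full-strength RSA suite.
    """
    if suite in EXPORT_RSA_SUITES:
        return "reject: export suite negotiated", 0
    if ske_body is None:
        return "ok", 0
    modulus, _ = parse_server_rsa_params(ske_body)
    return "reject: ephemeral RSA key on full-strength suite", modulus.bit_length()


def sample_ske(bits: int = 512) -> bytes:
    """Constructed ServerKeyExchange body: dummy odd modulus, e = 65537."""
    mod = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    exp = (65537).to_bytes(3, "big")
    return struct.pack("!H", len(mod)) + mod + struct.pack("!H", len(exp)) + exp
```

Reporting the key size alongside the verdict lets a log reviewer see whether the rejected key was export-length.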
Read the full story at eWEEK: Apple Patches FREAK, Fixes Other Vulnerabilities (http://www.eweek.com/security/apple-patches-freak-fixes-other-vulnerabilities.html)