Recently a FREAK vulnerability has been discovered and it was up to developers to solve it as fast as possible. This particular fix is one of the many that were included in 14 security bulletins. Only 5 of these seemed to be critical and dangerous, but the FREAK vulnerability has been specifically scary because it has been featured in numerous articles and on lots of web security sites all over the globe.
This is what freakattack.com states around the FREAK vulnerability:
On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. This site is dedicated to tracking the impact of the attack and helping users test whether they’re vulnerable.
The FREAK attack was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. Further disclosure was coordinated by Matthew Green. This report is maintained by computer scientists at the University of Michigan, including Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. The team can be contacted at freakattack@umich.edu.
What does this vulnerability do? Simply put, it seems that with its help an attacker was able to downgrade the key length that was included in an RSA key in order to decipher communications. This was a very dangerous vulnerability since just about any Windows user that was using Schannel in order to connect to a TLS server remotely was affected. As expected, this particular issue has been encountered in the Apple world as well, but they managed to fix the issue a lot faster, in fact a week earlier than Microsoft.
According to many professionals, it seems that the vulnerability has attacked specifically IE users because the browser was very easy to exploit in this regard. The attacker had to simply force the user to browse towards a malicious website and open a file that was infected. It seems that this happened via a DLL file that was specifically crafted in order to host the malicious entity. The Adobe Font Driver, as well as Microsoft Office and the server software created by the Redmond based company have been affected!
Thankfully, it seems that the whole set of issues created by the FREAK vulnerability has been solved, and that’s certainly a great thing. Of course, a recommended course of action is to get your security software up to date and also perform Windows updates too, because it’s a crucial step when it comes to staying one step ahead of the FREAK vulnerability.
Browse to freakattack.com to check if you are vulnearable for FREAK or not.
Photo credit: Mikael Altemark