A very slow news day in the world of Apple, but we brought it to you anyway!
- If you own any MacBook made in 2015 and use Boot Camp, there’s a FaceTime Camera Driver Update for you
- Fantastical 2 for iPhone gets an update today!
- Running the public beta of OS X El Capitan? The third public beta is available. Woo-hoo!
A short text version of this podcast is available after the inline player and subscribe button.
Security company FireEye recently examined iOS and Android apps to determine whether they are vulnerable to the recently publicized FREAK attack. FREAK is a security flaw that allows a 2,048-bit SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption key to be downgraded to a weaker 512-bit key.
Via a man-in-the-middle attack, a hacker can use the FREAK exploit to intercept HTTPS connections and force the vulnerable clients to use the weakened form of encryption. Once compromised, the hacker potentially can access the sensitive data being transmitted via HTTPS.
Apple fixed the iOS FREAK vulnerability in iOS 8.2, but some apps remain vulnerable as they utilize their own OpenSSL libraries and connect to servers that remain unpatched. FireEye examined more than 14,000 popular iOS apps and found that 5.5% remain vulnerable to a FREAK attack.
On the iOS side, 771 out of 14,079 (5.5%) popular iOS apps connect to vulnerable HTTPS servers. These apps are vulnerable to FREAK attacks on iOS versions lower than 8.2. Seven of these 771 apps have their own vulnerable versions of OpenSSL and they remain vulnerable on iOS 8.2.
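For server operators, the 512-bit downgrade described above depends on the server still agreeing to an RSA_EXPORT cipher suite. The following added example (not code from FireEye or from this site) parses a captured TLS server reply and reports whether such a suite was selected; the function names and the sample records are constructed for illustration.

```python
import struct

# RSA_EXPORT cipher suites (IANA TLS registry IDs): export-grade, 512-bit RSA key exchange.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def selected_suite(record: bytes):
    """Return the suite ID chosen in a ServerHello record, or None for an alert."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if len(body) != rlen:
        raise ValueError("truncated record body")
    if ctype == 0x15:            # alert: the server refused the offered suites
        return None
    if ctype != 0x16 or rlen < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # layout: server_version(2) random(32) session_id_len(1) session_id cipher_suite(2)
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 2:
        raise ValueError("truncated ServerHello")
    offset = 35 + hello[34]
    return int.from_bytes(hello[offset:offset + 2], "big")

def export_suite_accepted(record: bytes):
    """Name of the RSA_EXPORT suite the server agreed to, or None if it did not."""
    return RSA_EXPORT_SUITES.get(selected_suite(record))

def make_server_hello(suite: int) -> bytes:
    """Constructed sample: a TLS 1.0 ServerHello with an empty session ID."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake

# Constructed sample: fatal handshake_failure alert (level 2, description 40).
SAMPLE_ALERT = struct.pack("!BHH", 0x15, 0x0301, 2) + b"\x02\x28"

if __name__ == "__main__":
    for name, rec in [("export", make_server_hello(0x0003)),
                      ("modern", make_server_hello(0x002F)),
                      ("alert", SAMPLE_ALERT)]:
        print(name, "->", export_suite_accepted(rec) or "no export suite accepted")
```

A server that answers an export-only offer with an alert instead of a ServerHello is not accepting the downgraded key exchange.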
Our take on the news:
App developers are slowly patching their apps, but the pace can be slow. This can put customers at risk when developers ignore or are slow to respond to these security threats.