Another potentially dangerous vulnerability called FREAK (Factoring Attack on RSA-EXPORT Keys) is being true to its name and is freaking out all Android and Apple device users. This SSL/TLS vulnerability has over the years exposed millions of Android and Apple devices to attacks when they visit supposedly ‘secured’ websites, which is what makes it dangerous.
This vulnerability with CVE-2015-0204 allows man in the middle (MitM) attack enabling hackers to force clients to downgrade connections from ‘strong’ RSA to ‘export-grade’ RSA or 512 bit RSA cipher suites.
FREAK is similar to POODLE which allowed hackers to downgrade the entire SSL/TLS Internet-communication security suite to the weakest possible version. FREAK affects only those SSL/TLS implementations that accept export versions of protocols that use the RSA encryption algorithm. It is possible to carry out this attack when a vulnerable device connects to a HTTPS protected website.
How you can stay secure:
We encourage all Android and Apple device users to check for top vulnerable websites and ask all web server administrators to disable support for export-grade cipher suites, including all known insecure ciphers, and enable forward secrecy.
You can also use an online tool to check if a website is vulnerable or not.
At the moment, Windows and Linux end-user devices are not believed to be affected. We will keep you posted if that changes!