HTTPS security flaw FREAK plagues Windows too

HTTPS security flaw FREAK plagues Windows too

Windows systems are vulnerable to FREAK, a decade-old bug that was discovered only this week affecting Android and Apple devices.

FREAK — short for Factoring attack on RSA-EXPORT Keys — allows hackers to decrypt HTTPS-protected Web traffic between browsers and millions of websites. Microsoft confirmed that Windows could be compromised the same way as Android, BlackBerry, iOS and OS X devices in an advisory published today.

The bug allows attackers to monitor traffic between vulnerable users and servers and inject malicious code which causes them to use a weak encryption key while transmitting data. They can then listen in on the exchange, masquerade as the target website and intercept data to read or modify it.

While Chrome for Mac has got an update that prevents this issue, its Android counterpart is still vulnerable with no sign of a fix in sight. Microsoft is yet to offer a solution either. Meanwhile, Apple has said that it will release patches for OS X and iOS next week.

To check if your browser is safe from this issue, visit the vulnerability scanning service FREAKAttack.

We’ve contacted Microsoft and will update this post when we hear back.

Stop the presses: HTTPS-crippling “FREAK” bug affects Windows after all [Ars Technica]

Read next: How to protect yourself against hackers (or at least make it difficult for them)

Read next: Hands-on: Office for Mac 2016 finally makes OS X users first-class citizens

Corona coverage

Read our daily coverage on how the tech industry is responding to the coronavirus and subscribe to our weekly newsletter Coronavirus in Context.

For tips and tricks on working remotely, check out our Growth Quarters articles here or follow us on Twitter.