FREAK — short for Factoring attack on RSA-EXPORT Keys — allows hackers to decrypt HTTPS-protected Web traffic between browsers and millions of websites. Microsoft confirmed that Windows could be compromised the same way as Android, BlackBerry, iOS and OS X devices in an advisory published today.
The bug allows attackers to monitor traffic between vulnerable users and servers and inject malicious code which causes them to use a weak encryption key while transmitting data. They can then listen in on the exchange, masquerade as the target website and intercept data to read or modify it.
While Chrome for Mac has got an update that prevents this issue, its Android counterpart is still vulnerable with no sign of a fix in sight. Microsoft is yet to offer a solution either. Meanwhile, Apple has said that it will release patches for OS X and iOS next week.
To check if your browser is safe from this issue, visit the vulnerability scanning service FREAKAttack.
We’ve contacted Microsoft and will update this post when we hear back.