This article was published on March 18, 2015

Thousands of Android and iOS apps are still vulnerable to the FREAK bug


Thousands of Android and iOS apps are still vulnerable to the FREAK bug

According to FireEye researchers, a large number of iOS and Android apps are still vulnerable to the FREAK bug despite patches being released.

The report suggests Android has the biggest problem, with over 10 percent of apps open to attack.

The researchers scanned almost 11,000 Android apps that have more than a million downloads each and found that over 1000 of them were still vulnerable because they use an Open SSL library to connect to HTTPS servers. They wrote:

These 1228 apps have been downloaded over 6.3 billion times. Of these 1228 Android apps, 664 use Android’s bundled OpenSSL library and 564 have their own compiled OpenSSL library. All these OpenSSL versions are vulnerable to FREAK.

And when it comes to Apple’s iOS, things certainly don’t look much better. Out of over 14,000 popular iOS apps tested, 5.5 percent of them were connecting to the vulnerable HTTPS servers as well. However, this only applies to older version of the OS. Just seven of the vulnerable apps remain unfixed on iOS 8.2.

➤ FREAK Out on Mobile [FireEye]

Read Next: How to protect yourself against hackers (or at least make it difficult for them)

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with