Apple has patched a recently discovered security hole that has been around for more than 10 years.
Released on Monday following the company’s Apple Watch event, iOS 8.2 includes a fix that resolves the security bug known as “FREAK.” The bug could have left users of Apple’s mobile Safari and Google’s Android browsers more vulnerable to hacking, security researchers told the Washington Post last week.
The researchers found no evidence that any hackers had taken advantage of the flaw. But hackers could have intercepted even supposedly secure connections to hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov.
The researchers blamed the hole on a former US policy that prevented US companies from exporting the strongest encryption standards available. Though the restrictions were removed in the late 1990s, the weaker standard had already been built into such software as Web browsers. iOS 8.2 fixed the problem by removing support for the weaker RSA encryption keys that had been at the heart of the problem.
The flaw shows the risks of a government seeking to weaken the security used to protect consumer devices in order to provide back doors to conduct surveillance. Technology companies have complained to the government that such efforts undermine their business and the trust of their customers, both in the US and abroad.
Google told the Post that it would provide a security update to device makers and wireless carriers. Windows is also vulnerable to the same flaw, Microsoft confirmed in an advisory. The software giant said it would most likely fix the flaw in its regularly scheduled Patch Tuesday update or with an out-of-cycle patch.
iOS 8.2 also addresses a number of other security issues and bugs, adds several stability improvements for key apps, enhances certain features of Apple’s Health app and throws in support for the Apple Watch.