This article provides information about the FREAK vulnerability (CVE-2015-0204) as well as how to avoid it.
What is FREAK Vulnerability?
The FREAK (Factoring RSA Export Keys) vulnerability is a security flaw which forces secure connections to use weaker encryption – this can allow the cybercriminals to facilitate MiTM (Man-in-the-Middle) attack in order to steal or manipulate sensitive data.
The FREAK attack is possible when a vulnerable browser connects to a susceptible web server—a server that accepts weaker encryption.
What should I do?
Avoid using the following browsers which are known to be affected by this vulnerability:
- Default Browser (Android)
- Google Chrome (Android and Mac OS)
- Internet Explorer (Windows)
- Opera (Mac OS and Linux)
- Safari (Mac OS and iOS)
- Black Berry Browser
You can visit the Censys - The FREAK Attack website to check if your browser is affected.