HTTPS-Based FREAK Attacks Make Way To Hundreds Of iOS Applications


There have been a slight mishap concerning application security as hundreds of applications on both iOS and android have faced a malicious attack. According to reports gathered from Ars Technica, there have been several vulnerabilities drafted that have a tendency to distort applications from the original purpose. Security researchers working at FireEye went through enumerable iOS and Android application which do not have any vulnerable elements that can be harmed from the FREAK Attack ( Factoring RSA Export Keys). However, there are hundreds of applications that have been hit by the attack and affected them badly.

Among the top 14079 applications in the App Store, 771 are exposed to the attack while on the Android side 1288 applications which have over one million downloads are open to be affected. Researchers pinpointed that the applications being harmed use crypto libraries to connect to their servers which by word have weak encryption keys and unfortunately still in use today. Yulong Zhang,Hui Xue, Tao Wei and Zhaofeng Chen said,

"As an example, an attacker can use a FREAK attack against a popular shopping app to steal a user's login credentials and credit card information, other sensitive apps include medical apps, productivity apps and finance apps."

Apple Issued Secure Patch For Minimal Damage

Followed by the FREAK attack to affect its home ground, Apple issued safe patches for its cross-platformed operating systems namely, iOS, OS X and Apple TV while applications that run on hardware without any stitched security might still get affected. According to FireEye, among the 771 iOS applications seven of them are still exposed to the attack even with Apple's patch mounted.

The FREAK exploitation attacks that are benefitted by the legacy support which are denounced and decade old were discovered earlier this March - SSL/TSL Encryption Protocols. Users who face the same malicious attack can downgrade using force encryption to seize sheltered communications and collect sensitive data. The vulnerability attack is not restricted to any sort of browser and can affect applications on mobile which will leave hundreds of applications exposed. This is all concerning the HTTPS-based FREAK attack and we will notify the viewers as soon as other reports come in. Share your thoughts in the comments below.