Microsoft has released a security warning that PCs using its Windows OS (operating system) are vulnerable to the "FREAK" attack; a patch could be available as soon as next week. The bug is a risk to millions of computers with low encryption that send "secure" communications, although the risk is low now.
The US federal government developed FREAK, or Factoring Attack on RSA-EXPORT Keys, to spy on users. The bug only affects SSL/TLS protocols, Internet security systems used to transmit sensitive data.
When users visit certain websites, FREAK can steal data such as account passwords and bank data. In the 1990s, the FREAK bug crawled into software abroad, resulting in restrictions on 512-bit encryption.
At first, tech experts thought that the bug only affected limited users of BlackBerry phones, Android operating systems, and Apple Safari browsers, according to the BBC. However, Microsoft has reported that every Windows version that uses non-Microsoft software to call Secure Channel in the OS is vulnerable to FREAK.
Tech giants Google, Microsoft, and Apple have been slow in providing patches for the bug. In fact, users can even be attacked when visiting about 10% of the one million most popular websites.
Based on experts' calculations, approximately 36 million Internet users are at risk of being attacked by the FREAK bug, according to The Next Digit. However, the risk is fairly low.
French researchers at INRIA, a computer science lab, have notified governments worldwide. In response to the notification, Apple and Microsoft will probably fix the bug by releasing patches by next week.
Microsoft has provided advice about methods for making some of its software less vulnerable to FREAK. However, these methods can result in "serious problems" with other software. They get very "freaky."