Security experts recently reported a flaw that has been sitting idly and undetected for more than a decade, the flaw was called "FREAK" short for "Factoring Attack on RSA-Export Keys." The bug could help hackers easily break into any HTTPS-secured website and can cause catastrophic damage in terms of online security.
According to Salon, no hackers have tried to use the weaknesses discovered and companies are already mobilizing resources in order to repair the problem before it can be exploited. If unrepaired, the flaw could allow hackers to decrypt HTTPS-protected traffic that passes through Android or Apple devices. It could also prove catastrophic to millions of websites including government controlled domains.
Recently, more than 14 million websites that uses secure socket layer were scanned and it shows that more than 36 percent of them have the perceived vulnerability to the decryption attack. The flaw was pointed to a regulation implemented by the Clinton administration which requires US software developers to use a much a weaker security encryption when exporting programs outside of the United States.
Due to the lifting of the restriction software engineer has long abandoned that practice, however the ciphers have managed to integrate itself into a signification amount of end-user devices and servers.
Two of the most affected platform of was Apple and Google whose default mobile browsers were reported to have been compromised. Additionally, Google Chrome along with Mozilla Firefox was reported to be secure from the flaw.
Apple has issued a statement saying that the company will be able to release a patch to repair the problem within the next week. Google on the other hand said that it has already rolled-out an update to device manufacturers and wireless network carriers in order to temporarily patch the issue while a permanent repair is in development, according to Ars Technica.