Apple fixes FREAK in iOS, OS X and Apple TV - and numerous other holes besides

[anuseems]

Apple has just announced its latest round of security updates.

OS X in its 10.8, 10.9 and 10.10 flavours (Mountain Lion, Mavericks and Yosemite) gets Security Update 2015-002.

iOS goes to version 8.2; Apple TV gets 7.1.

In particular, the fix that we advised you to "watch for" is here.

For users of all the platforms mentioned above, the TLS FREAK bug is patched.

FREAK is the security flaw that could allow an attacker to trick you into making what you think it is a secure TLS connection, but with downgraded security using legacy, insecure, crackable cryptographic keys.

The bug, which was found by a team of researchers including three from Microsoft, was originally thought to apply only to OpenSSL and to Apple's Secure Transport system library.

That made Apple's Safari browser the most widespread one to have this bug until, in a sort of irony, Microsoft realised that its own Schannel TLS library was at risk too, and with it Internet Explorer.

More @ https://nakedsecurity.sophos.com/2015/03/09/apple-fixes-freak-in-ios-os-x-and-apple-tv-and-numerous-other-holes-besides/