Apple fixes ‘FREAK’ security flaw

Apple is moving to address a security vulnerability that could leave Internet users exposed to hacking when they visit a wide variety of government and social media websites.

A patch for the flaw known as “FREAK” was released Monday as part of the iOS 8.2 operating system for iPhones and iPads. Apple is encouraging users who believe they might be affected by the bug to download the update as soon as possible.

Security researchers discovered “FREAK” when they realized they could force websites to use weakened encryption, then easily breach those defenses.

Experts traced the flaw to a decades-old decision by the U.S. government to export weaker encryption standards. These weaker standards eventually returned to the United States after they were baked into software around the world.

When the flaw was first reported, researchers believed it only affected Apple and Google devices. It was later discovered that Windows users are also vulnerable, a significant problem given that most Internet users around the world have PCs.