FireEye scans popular Android and iOS apps, nearly 2K vulnerable to FREAK
Identified in early March, the SSL/TLS vulnerability, dubbed FREAK, can be exploited to force an HTTPS connection to use weaker, and, therefore, easier to crack encryption, opening the door for attackers to steal or manipulate sensitive data, FireEye said in a Tuesday blog post.
Despite the availability of an iOS patch, both Android and iOS apps can still be vulnerable to FREAK attacks “when connecting to servers to that accept RSA_EXPORT cipher suites,” the firm said, explaining that FREAK is both a platform and app vulnerability since apps can contain vulnerable versions of the OpenSSL library.
The company scanned 10, 985 popular Google Play apps and found that 1,228 were vulnerable to FREAK. Out of 14,079 popular iOS apps tested, 771 were similarly at risk.