
FireEye scans popular Android and iOS apps, nearly 2K vulnerable to FREAK

After scanning many popular Android and iOS apps, security firm FireEye found that nearly 2,000 were still vulnerable to FREAK attacks.

Identified in early March, the SSL/TLS vulnerability, dubbed FREAK, can be exploited to force an HTTPS connection to use weaker, and therefore easier-to-crack, encryption, opening the door for attackers to steal or manipulate sensitive data, FireEye said in a Tuesday blog post.

Despite the availability of an iOS patch, both Android and iOS apps can still be vulnerable to FREAK attacks “when connecting to servers that accept RSA_EXPORT cipher suites,” the firm said, explaining that FREAK is both a platform and app vulnerability since apps can contain vulnerable versions of the OpenSSL library.

The company scanned 10,985 popular Google Play apps and found that 1,228 were vulnerable to FREAK. Out of 14,079 popular iOS apps tested, 771 were similarly at risk.
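
The server-side condition in FireEye's description, a server that accepts RSA_EXPORT cipher suites, can be checked from a captured handshake reply. The following is an added example, not code from FireEye or the original article: it classifies the first TLS record a server returned to a test handshake that offered only RSA_EXPORT suites, and the function names and sample bytes are constructed for illustration.

```python
"""Classify a captured TLS server reply for RSA_EXPORT acceptance (added example)."""

# RSA_EXPORT cipher suite code points from the TLS cipher suite registry.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
HANDSHAKE, ALERT, SERVER_HELLO = 22, 21, 2  # record types 22/21, handshake type 2


def classify_reply(data: bytes) -> str:
    """Return 'accepts:<suite>', 'rejects' or 'other:<detail>' for the first record."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    rec_type, rec_len = data[0], int.from_bytes(data[3:5], "big")
    payload = data[5:5 + rec_len]
    if len(payload) != rec_len:
        raise ValueError("truncated TLS record payload")
    if rec_type == ALERT:
        return "rejects"  # server refused the export-only offer
    if rec_type != HANDSHAKE or len(payload) < 4 or payload[0] != SERVER_HELLO:
        return f"other:record type {rec_type}"
    body = payload[4:4 + int.from_bytes(payload[1:4], "big")]
    # ServerHello: version(2) random(32) session_id_len(1) session_id cipher_suite(2)
    if len(body) < 35 or len(body) < 37 + body[34]:
        raise ValueError("truncated ServerHello")
    pos = 35 + body[34]
    suite = int.from_bytes(body[pos:pos + 2], "big")
    name = RSA_EXPORT_SUITES.get(suite)
    return f"accepts:{name}" if name else f"other:suite 0x{suite:04x}"


def sample_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed ServerHello record (TLS 1.0, all-zero random) used as sample input."""
    body = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    body += suite.to_bytes(2, "big") + b"\x00"  # null compression method
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + b"\x03\x01" + len(hs).to_bytes(2, "big") + hs


SAMPLE_ALERT = bytes([ALERT]) + b"\x03\x01\x00\x02\x02\x28"  # constructed fatal handshake_failure

if __name__ == "__main__":
    for reply in (sample_server_hello(0x0003), sample_server_hello(0x002F), SAMPLE_ALERT):
        print(classify_reply(reply))
```

A reply classified as `accepts:` means the server still negotiates an export-grade RSA suite and should have those suites disabled in its TLS configuration.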
