The FREAK flaw could have allowed attackers to conduct man-in-the-middle attacks on encrypted networks, including Secure Sockets Layer (SSL) and Transport Layer Security (TLS). The vulnerability only affected connections to servers that support export-strength RSA cipher suites, and Apple reportedly addressed it by removing support for ephemeral RSA keys.
iOS 8.2 also patches various arbitrary code execution bugs, including CVE-2015-1061, which was a type confusion issue that existed in IOSurface’s handling of serialized objects. The bug was fixed through additional type checking.
Another addressed vulnerability, CVE-2015-1064, could have allowed a person with physical access to a device to see the home screen, even if the device was not activated. Improved error handling during activation fixed the issue.