It seems like every few months a new SSL vulnerability is pointed out – which I suppose makes sense with the recent popularity that SSL has gotten. Thanks, Google. Alas, let’s welcome FREAK – a new man-in-the-middle vulnerability discovered by a group of cryptographers at INRIA, Microsoft Research and IMDEA.
FREAK stands for “Factoring RSA-EXPORT Keys”, and it currently affects only OpenSSL, Apple’s Secure Transport and Windows Secure Channel clients. Basically, users of Android mobiles, Apple Macs, iPhones and iPads, and Windows platforms are the ones really impacted. Red Hat servers seem to be good to go, as none of them use an affected version of OpenSSL that hasn’t already been patched.
Webmasters & server techs, take note – OpenSSL released a patched version on the 19th, which you should update your servers to if you’re running an affected OpenSSL version.