The FREAK vuln: What it is and what you can do
What is the FREAK vulnerability?
FREAK is the latest in a line of recently uncovered vulnerabilities affecting the way communications are secured over the Internet. Specifically, it impacts SSL/TLS and stands for “Factoring attack on RSA-EXPORT Keys”. The bug allows an attacker to sit between your HTTPS connection and the vulnerable client or server and force you to use a less secure version of encryption. This downgraded encryption may allow an attacker to obtain your data.
Is Lookout affected?
No, Lookout’s infrastructure is not impacted by the FREAK vulnerability. Users are not at risk through Lookout’s product, however, that does not mean that your device itself is not otherwise vulnerable.
What can I do to protect myself?
Unfortunately, like the Heartbleed and POODLE vulnerabilities, people need to wait for a patch from their carrier or device manufacturer to be released. Apple has released a patch for Safari on iOS and Mac OS. Google has promised a patch, but has not yet released one.
If you’ve received an official manufacturer or carrier update to your operating system, install it!