Apple patches FREAK vulnerability on OS X, iOSApple patches FREAK vulnerability on OS X, iOS

Lee Hutchinson, Ars Technica:

Apple has published its second major security roll-up package of the year, Security Update 2015-002, which contains fixes for multiple versions of OS X stretching from Mountain Lion 10.8.5 to Yosemite 10.10.2...

First publicized a week ago, the "FREAK" vulnerability can be used by an attacker to force someone’s SSL/TLS connection to a Web server to use a weak 512-bit key, which the attacker can then factor with a relatively trivial amount of work and thereby decrypt and/or modify the supposedly secure connection. The vulnerability affects OS X, iOS, Android, and Windows devices.

In addition, yesterday's iOS 8.2 update included a fix for the FREAK vulnerability.