Apple released Security Update 2015-002 for the Mac late on Monday that patches the FREAK security flaw on OS X 10.8 and higher. Apple promised last week a patch was coming soon.
FREAK is a throwback to the 1990s, when the U.S. government required a weak security protocol on computers exported out of the country. The encryption protocols were easily hackable by the NSA, which in turn meant they were easily hackable by anyone.
The government eventually eased that restriction, but the protocols it relied on were left behind in the operating systems that drive our computers and smartphones. The FREAK exploit takes advantage of RSA_EXPORT cipher suites and unpatched OpenSSL versions. Yesterday's update plugs that hole for Mac users.
The fact that we needed this patch for our Macs is a perfect example of why governments demanding a back door into our personal and private data is a monumentally bad idea. TMO's Bryan Chaffin summed it up perfectly last week when he wrote about the security flaw:
"This is yet another example of how intentionally crippling encryption for the sake of government surveillance ultimately makes all of us vulnerable. Restricting encryption technology in the first place not only encouraged development of encryption technologies outside the U.S., it resulted in consumers around the globe being vulnerable to all manner of attacks from the bad guys."
Apple promised a quick fix last week, and followed through. You can install Security Update 2015-002 on OS X Yosemite by choosing Apple menu > App Store, then selecting the Updates tab. On older OS X versions, go to Apple menu > Software Update.