Apple has announced the latest round of security updates for OS X 10.8, 10.9 and 10.10 (Mountain Lion, Mavericks and Yosemite) that may receive the security update 2015-002. IOS has been updated to version 8.2 and Apple TV is upgraded to version 7.1.
All of the above updates fix the FREAK TLS error and not only.
Remember that FREAK is a security flaw that could allow an attacker to fool you and make you think you are on a secure TLS connection while having compromised security using insecure, crackabled encryption keys.
The error was discovered by a group of researchers, three of which were from Microsoft. They initially believed that it only applies to OpenSSL connections and the Secure Transport its system library Apple Lossless Audio CODEC (ALAC),.
But Microsoft quickly realized that its own Schannel TLS library was in jeopardy through it Internet Explorer.
All three platforms (Apple TV, iOS and OS X) are affected by the same Remote Code Execution (RCE) vulnerability, found by Project Zero of Google.
The bug was discovered in Apple's IOSurface development framework. IOSurface allows to two processes to share the video rendering buffer so that frames can be decompressed by one process but displayed in a separate movie player.
Ironically, as Apple explains, the IOSurface “typically usesto allow applications to perform image decompression in separate processes to enhance security.”
See all details of the update by Announcement page of Apple.
