CERT mailing list archives

FREAK SSL/TLS Vulnerability


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 06 Mar 2015 18:14:46 -0600

NCCIC / US-CERT

National Cyber Awareness System:

FREAK SSL/TLS Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2015/03/06/FREAK-SSLTLS-Vulnerability ] 
03/06/2015 06:19 PM EST 
Original release date: March 06, 2015

FREAK (Factoring Attack on RSA-EXPORT Keys, CVE-2015-0204 [ https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204 ]) 
is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between 
vulnerable clients and servers.

Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability. 
Microsoft has released a Security Advisory [ https://technet.microsoft.com/library/security/3046015.aspx ] that 
includes a workaround for supported Windows systems.

Users and administrators are encouraged to review Vulnerability Note VU#243585 [ http://www.kb.cert.org/vuls/id/243585 ] 
for more information and apply all necessary mitigations as vendors make them available. Users may visit 
freakattack.com [ http://www.freakattack.com ] to help determine whether their browsers are vulnerable. (Note: DHS 
does not endorse any private sector product or service. The last link is provided for informational purposes only.)

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.
