Emerging Threats

New FREAK vulnerability can allow attackers to decrypt encrypted communications

Authored by a Symantec employee


A newly discovered vulnerability, dubbed, “FREAK”, that could allow attackers to intercept and decrypt encrypted traffic between browsers and web sites via a Man-in-the-Middle (MitM) attack, was discovered on March 3rd, 2015 by researchers. Once an attacker has cracked the encryption code, it is possible for the attacker to steal passwords and other sensitive personal information.

A security suite that helps protect your devices.

Free security software just doesn’t have the resources to keep up with new threats as they emerge. That’s why you need a multi-layered defense to security. Meet Norton Security Premium — protection for up to 10 of your devices.

This vulnerability has existed since the late 90s, as a forgotten part of the coding within many Google and Apple products. In addition to Google and Apple products, this vulnerability affects the Transport Layer Security (TSL) and Secure Sockets Layer (SSL) security built into the web browser. These security tools are used to encrypt the transmission of data between web browsers and servers (websites). You will know you are using these protocols when you see the HTTPS and padlock in your browser’s URL bar. Hackers can force browsers to use an older, weaker form of encryption that can be cracked to easily decrypt messages.

Apple has stated “We have a fix in iOS and OS X that will be available in software updates next week.” Google also addressed the matter, saying that it has developed a patch for the Android operating system’s browser and has provided it to their partners, which are the companies that manufacture Android devices and are responsible for providing software patches to the operating system.

How To Stay Safe From This Vulnerability

Users of Google Android devices are advised to use the Chrome web browser rather than the default Android browser until a patch is issued. Users of Apple desktop and mobile devices should not use the Safari browser until the patch is issued.

Browsers such as Firefox or Chrome are not affected and can be used as a safe alternative.

To see if your favorite websites are affected by this vulnerability, you can use our free tool to check!

Our best protection. One low price

Norton Security Premium helps protect up to 10 of your Windows PCs, Macs, Android smartphones or your iPads.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.