The default browser on both Apple and Android devices (smartphones, tablets) has a security flaw that allows an attacker to decrypt your login cookies, and other sensitive information, from your HTTPS connections if you use a vulnerable browser such as Safari, according to a report by The Register.
Dubbed FREAK, the vulnerability affects Apple’s SecureTransport (a library used by applications on iOS and OS X, including Safari for iPhones, iPads and Macs) and OpenSSL (the open source toolkit used by Android browsers and many other things).
“It turns out the encryption used by OpenSSL and SecureTransport can be crippled by an attacker on your network: apps can be tricked into using weak encryption keys, allowing determined miscreants to pluck login cookies and other sensitive information out of your SSL-protected traffic,” the report adds.
Meanwhile, cautioning about the flaw, security solution provider Kaspersky said, “Yes, Apple’s SecureTransport (used in iOS) and OpenSSL (used in Android’s ‘Browser’/‘Internet’) are both vulnerable. Apple users should install updates as soon as they’re available. Android users should do the same, but should also make sure to switch to Google Chrome (or another browser), which is not vulnerable, and is not part of the base system.”