impacting all supported versions of Windows) have all been found vulnerable to this type of attack.
The flaw is that an SSL/TLS connection can be forced to use a weaker cipher suite (so-called “export grade”) with a 512-bit key that could be broken with today’s technology in a few hours.
Apple is describing the affected area as a “Secure Transport vulnerability which allows an attacker with a privileged network position to intercept SSL/TLS connections”.
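The “export grade” suites mentioned above have fixed identifiers in the TLS handshake, so a monitoring tool can flag a ClientHello that still lists them. The sketch below is an added example, not code from Apple or from this article; the suite IDs are those assigned in RFC 2246, while the function names and the sample message are constructed for illustration.

```python
# Export-grade cipher suite IDs as assigned in RFC 2246 (TLS 1.0).
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}

def offered_suites(hello: bytes) -> list:
    """Return the cipher suite IDs listed in a ClientHello handshake message."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body_len = int.from_bytes(hello[1:4], "big")
    body = hello[4:4 + body_len]
    # 2 bytes client_version + 32 bytes random + 1 byte session_id length
    if len(body) != body_len or body_len < 35:
        raise ValueError("truncated ClientHello")
    pos = 35 + body[34]                      # skip the session_id itself
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    n = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + n, 2)]

def export_grade_offered(hello: bytes) -> list:
    """Names of export-grade suites the client is willing to negotiate."""
    return [EXPORT_SUITES[s] for s in offered_suites(hello) if s in EXPORT_SUITES]

def build_hello(suites) -> bytes:
    """Constructed sample: a minimal TLS 1.0 ClientHello with no extensions."""
    body = b"\x03\x01" + bytes(32) + b"\x00"          # version, random, empty session_id
    body += (2 * len(suites)).to_bytes(2, "big")
    body += b"".join(s.to_bytes(2, "big") for s in suites)
    body += b"\x01\x00"                                # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    sample = build_hello([0x002F, 0x0003, 0x0035, 0x0008])
    print(export_grade_offered(sample))
```

A handshake that lists none of these identifiers returns an empty list; a truncated or malformed message raises `ValueError` rather than being silently treated as clean.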
Security Update 2015-002, which fixes FREAK, is available for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2.
iOS 8.2 is available for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later.
Apple’s security update for MacOS also fixes flaws in iCloud Keychain recovery, IOAcceleratorFamily, IOSurface and the Kernel (OS X Yosemite) that could be leveraged for arbitrary code execution.
For iOS, Apple patched bugs in CoreTelephony, which caused the device to restart, and buffer overflows in iCloud Keychain, which allow an attacker with a privileged network position to execute arbitrary code.
Even though CVE-2015-1067, also known as FREAK, is more theoretical than most vulnerabilities affecting the SSL protocol and its implementations (Heartbleed, Poodle), it is strongly advisable to apply the update.
Usually, the update comes over the wire, so follow the known procedures for each device to apply it: