FREAK (Factoring Attack on RSA-EXPORT Key) is one of the latest web security threats to go public. It works by weakening users’ encrypted SSL and TLS connections, allowing a hacker to intercept and decipher data.
The threat mostly affects mobile device browsers, such as Apple’s Safari and Android device browsers, but it also affects older versions of OpenSSL, including 1.0.2, 1.0.1, 1.0.0 and 0.9.8. Version 1.0.2 of OpenSSL has been classified as having a “high” severity vulnerability.
Just yesterday, the OpenSSL Project announced a series of patches for the vulnerability, which also fix 12 other issues, including DoS weaknesses. If you’re a SiteLock customer, don’t worry – SiteLock is not using a vulnerable version of OpenSSL, and therefore the new vulnerability will not affect your service.
Furthermore, SSL connections to all SiteLock protected domains are always secured by default, as we secure connections before passing them on to the origin servers. The SiteLock team is paying close attention to the issue on a 24/7 basis and will be applying additional patches as they are released.