Products

Deep Discovery Analyzer

Deep Discovery Email Inspector

Deep Security

Interscan Messaging Security Virtual Appliance

Interscan Web Security Suite

Interscan Web Security Virtual Appliance

Trend Micro Mobile Security for Enterprise

Trend Micro Security for Mac

Trend Micro Smart Protection Server

Worry Free Business Security Services

“FREAK” Vulnerability (CVE-2015-0204)

Product / Version includes:

Deep Security 9.5

Last updated: 2025/05/08

Solution ID: KA-0004988

Category: SPEC

Summary

On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. This site is dedicated to tracking the impact of the attack and helping users test whether they are vulnerable.

FREAK was discovered by Karthikeyan Bhargavan at INRIA in Paris and the mitLS team. They found that OpenSSL (versions prior to 1.0.1k) and Apple TLS/SSL clients are vulnerable to man-in-the-middle (MITM) attacks. Once attackers are able to intercept the HTTPS communication between vulnerable clients and servers, they force the connection to use the old export-grade encryption.

Attackers who “listen” in on the communication will then be able to decrypt the information with relative ease.

Apple’s SecureTransport is used by applications running on iOS and OS X. These include Safari for iPhones, iPads, and Macs. Meanwhile, OpenSSL is used by Android browsers and other application packages. From our understanding, the attack is possible only if the OpenSSL version is vulnerable to CVE-2015-0204.

OpenSSL has provided a patch for CVE-2015-0204 in January. Apple is reportedly deploying a patch for both mobile devices and computers.

Trend Micro recommends Android users to refrain from using the default Android browser in their devices. Instead, customers are advised to use Google Chrome app as it is not affected by the bug. Furthermore, connections to the Google search site are not affected.

Trend Micro has some solutions that already provide protection against this vulnerability:

Trend Micro Deep Security protects users from this vulnerability through the following DPI rule:
OpenSSL RSA Downgrade Vulnerability (CVE-2015-0204)
For Servers: Deep Packet Inspection (DPI) Rules 1006561 and 1006562
For Clients: Deep Packet Inspection (DPI) Rule 1006485
Deep Security rule DSRU15-008
Businesses running websites and other server applications using export grade ciphers should upgrade their systems and upgrade to the latest OpenSSL.

Trend Micro is currently investigating all products known to use this version of OpenSSL and will update the list of products affected as they become available. Customers and partners who may need additional information or have questions are encouraged to contact their authorized Trend Micro representatives.

Products that are not affected:

Products
Deep Discovery Analyzer
Deep Discovery Email Inspector
Deep Security
Interscan Messaging Security Virtual Appliance
Interscan Web Security Suite
Interscan Web Security Virtual Appliance
Trend Micro Mobile Security for Enterprise
Trend Micro Security for Mac
Trend Micro Smart Protection Server
Worry Free Business Security Services

Reference:

Trend Micro Security Intelligence Blog - FREAK Vulnerability Forces Weaker Encryption

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

“FREAK” Vulnerability (CVE-2015-0204)

“FREAK” Vulnerability (CVE-2015-0204)

Product / Version includes:

Summary