What you need to know about the ‘FREAK’ bug

Now that has come back to haunt us, in the form of a nasty computer bug.

Researchers have discovered a flaw -- which they call the FREAK bug -- that can let a hacker spy on your Internet session and steal your login credentials.

It affects lots of supposedly secure websites, from Symantec.com to NSA.gov. Apple's Safari browser and some Android Web browsers are vulnerable. (Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer are OK.)

Apple (AAPL, Tech30) told CNNMoney it plans to have a fix for iPhone and Mac users next week in the form of a software update. Google (GOOG) did not immediately respond to requests for comment.

Kickstarter, WePay, and many other websites that feature Facebook (FB, Tech30) "like" buttons are also vulnerable to this, researchers said.

The issue, explained

Buried somewhere deep inside the code of some Web browsers and websites is an old, weak version of encryption that can easily be cracked. And it exists only because of bad U.S. policies that have since been abolished.

Back in the 1990s, the federal government restricted the export of powerful data encryption. Computer companies were forced to employ two versions of encryption: weak and strong. But the weak stuff stuck around long after it was no longer needed.

The bug was found late last year by academic security researchers at the French computer science institute INRIA. They've been quietly helping Apple and others fix this behind the scenes since November. They dubbed it the FREAK bug, short for "Factoring Related Attack on RSA Keys."

Akamai (AKAM), a company that hosts websites with an extra layer of protection, made the bug public on Tuesday. The company said it's racing to fix the problem for all of its customers.
