The bug – named Freak – has been in devices for years and follows US government rules in the 1990s which forced tech vendors to offer weak encryption for devices being exported abroad. While the US government changed those rules, the vulnerability remained in later iterations of the software.
Google has apparently already fixed the bug, while Apple will push an update as early next week.
Freak stands for factoring attack on RSA-Export keys – and was apparently first discovered by French researchers, whose findings were later confirmed by other experts in the field.
Quite a few well known websites, including government websites, support the less secure encryption but Google has advised people to disable that support.