Apple and Google were forced to patch their own browsers after it was found that the FREAK flaw could force browsers to use a weaker encryption cipher, leaving it vulnerable to man-in-the-middle attacks that can intercept and manipulate traffic. The researchers discovered that the FREAK attack could be used to change how a person votes using iVote, without the voter ever being aware.
The flaw was notified to CERT Australia on Friday, and the researchers said that iVote disabled the analytics code on Saturday. However, given that the polls have been open since March 16, many voters could have had their vote compromised.
Up until polling day, voters can log in and change their vote on the iVote system. The researchers stated that given the main gateway to the iVote site runs plain HTTP, it is still vulnerable to the ssl_strip attack.