Many Apple and Android users had been left vulnerable to hackers for more than a decade due to a former U.S. government policy, according to cybersecurity researchers.

The security flaw, called FREAK, made visitors to a multitude of websites — including U.S. government-managed Whitehouse.gov, NSA.gov and FBI.gov — susceptible to cyberattacks that break secure Internet connections, according to The Washington Post.

Thousands and thousands of websites had been vulnerable to attacks. Safari and the default Android browser — but not Chrome — are affected.

FBI.gov and Whitehouse.gov have been repaired, but NSA.gov — somewhat ironically — remains vulnerable.

See also: 11 free tools to protect your online activity from surveillance

Meanwhile, Apple and Google have been working on a fix for the FREAK flaw.

An Apple spokesperson told Mashable that a fix for iOS and OS X would be available through software updates next week. Google is is encouraging all websites to disable support for the export certificates, a spokesperson for the search giant said. The company has also "developed a patch to protect Android's connection to sites that do expose export certs and that patch has been provided to partners."

The flaw resulted from a former U.S. rule that was lifted in the 1990s but had a lingering impact. The rule forbid exporting products with strong encryption, according to the researchers who discovered the flaw. To make sure it wasn't assisting strong cybersecurity in other countries, the U.S. shipped "export-grade" products abroad.

The hackers used "man-in-the-middle" attacks to decode encrypted Internet traffic, according to the report. Basically, researchers were able to trick websites running through Safari or Android browser into downgrading current encryption to the "export-grade" type. After reducing the cryptographic strength, hackers could break into website connections in mere hours and spy on "secure" web traffic.

“This is basically a zombie from the 90s," Nadia Heninger, a University of Pennsylvania cryptographer, told the Post "I don’t think anybody really realized anybody was still supporting these export suites.”

U.S. government officials have criticized big tech companies for their strong security measures.

"If the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place," FBI Director James Comey said in a speech last October.