Apple and Google say they have developed fixes to mitigate the newly uncovered "Freak" security flaw affecting mobile devices and Mac computers.

Initially thought to be immune, Microsoft released an advisory which warned hundreds of millions of Windows PC users are also vulnerable to the security vulnerability.

The weakness in web encryption technology could enable attackers to spy on communications of users of Apple's Safari browser and Google's Android browser, according to researchers who uncovered the flaw.

The vulnerability could allow attacks on Microsoft PCs that connect with servers configured to use encryption technology intentionally weakened to comply with US government regulations banning exports of the strongest encryption.

Apple spokesman Ryan James said the computer company had developed a software update to remediate the vulnerability, which would be pushed out this week.

Google spokeswoman Liz Markman said the company had also developed a patch, which it has provided to partners. She declined to say when users could expect to receive those upgrades.

Google typically does not directly push out Android software updates. Instead they are handled by device makers and mobile carriers.

Microsoft advised system administrators to employ a workaround to disable settings on Windows servers that allow use of the weaker encryption.

It said it was investigating the threat and had not yet developed a security update that would automatically protect Windows PC users from the threat.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers," it said.

Vulnerability could allow hackers to steal data, launch attacks

The Washington Post reported that the bug left users of Apple and Google devices vulnerable to cyberattack when visiting hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov.

Whitehouse.gov and FBI.gov have been fixed, but NSA.gov remains vulnerable, the paper cited Johns Hopkins cryptographer Matthew D Green as saying.

A group of nine researchers discovered that they could force web browsers to use a form of encryption that was intentionally weakened to comply with US government regulations that ban American companies from exporting the strongest encryption standards, according to the paper.

Once they caused the site to use the weaker export encryption standard, they were then able to break the encryption within a few hours.

That could allow hackers to steal data and potentially launch attacks on the sites themselves by taking over elements on a page, the newspaper reported.

Ms Markman said that Google advised all websites to disable support for the less-secure, export-grade encryption.

"Android's connections to most websites, which include Google sites and others without export certificates, are not subject to this vulnerability," she added.

The group of researchers dubbed the flaw "Freak", for "Factoring RSA-EXPORT Keys", according to a website where they described the vulnerability.