SAN FRANCISCO -- Millions of people may have been left vulnerable to hackers while surfing the web on Apple and Google devices, thanks to a newly discovered security flaw known as "FREAK attack."

There's no evidence any hackers have exploited the weakness, which companies are working to repair. Researchers who reported the problem this week blamed an old government policy, abandoned several years ago, which required U.S. software-makers to use weaker security in encryption programs sold overseas.

Many popular websites and some Internet browsers can still be tricked into accepting the weaker software. That could make it easier for hackers to break encryption that's supposed to prevent digital eavesdropping when a visitor types sensitive information into a website. Apple and Google say they're distributing software updates to fix the flaw.