TrueCrypt Vulnerabilities Allow System Compromise, Researchers Warn
Two new security vulnerabilities affecting free encryption tool TrueCrypt may allow attackers to obtain admin-level privileges and install malware on the machine, security researchers say.
Two vulnerabilities (CVE-2015-7358 and CVE-2015-7359) in the driver that TrueCrypt installs on Windows systems have recently been discovered by James Forshaw, a member of Google’s Project Zero team. Exploiting them could allow attackers to obtain elevated privileges if they had access to a user account.
TrueCrypt authors stopped developing the encryption tool last year, because of “unresolved security issues”. However, a security audit of TrueCrypt’s source code and its cryptography implementations revealed no backdoors or security holes.
Forshaw said serious bugs can still remain undiscovered after a security audit.
The Google researcher did not disclose details about the two bugs, saying that he usually waits seven days after a patch is released, before opening his bug reports.
The critical bugs have been patched in the new app VeraCrypt, an open-source program based on the TrueCrypt code that aims to continue and improve the original project.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
September 28, 2021