Two new security vulnerabilities affecting free encryption tool TrueCrypt may allow attackers to obtain admin-level privileges and install malware on the machine, security researchers say.
Two vulnerabilities (CVE-2015-7358 and CVE-2015-7359) in the driver that TrueCrypt installs on Windows systems have recently been discovered by James Forshaw, a member of Google’s Project Zero team. Exploiting them could allow attackers to obtain elevated privileges if they had access to a user account.
TrueCrypt authors stopped developing the encryption tool last year, because of “unresolved security issues”. However, a security audit of TrueCrypt’s source code and its cryptography implementations revealed no backdoors or security holes.
Forshaw said serious bugs can still remain undiscovered after a security audit.
Source: Twitter
The Google researcher did not disclose details about the two bugs, saying that he usually waits seven days after a patch is released, before opening his bug reports.
The critical bugs have been patched in the new app VeraCrypt, an open-source program based on the TrueCrypt code that aims to continue and improve the original project.
tags
Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024