There is a new version of Vera Crypt appeared on the TrueCrypt software-based encryption. A researcher at Google had in TrueCrypt two leaks discovered which were also present in Vera Crypt.Through the leak could be a local attacker who already has access to the system to increase its rights.
TrueCrypt is no longer supported since last year, making the two vulnerabilities are not patched. Vera Crypt is based on the source code of TrueCrypt and is still actively maintained. Besides the two vulnerabilities are also fixed several other non-security related bugs. Users of Vera Crypt therefore be advised to version 1.15 upgrade.
James Forshaw, the Google researcher who vulnerabilities discovered, suggests that this is not about backdoors, but that they unwittingly came through the TrueCrypt audit. Last year it was TrueCrypt for the presence of back doors audited, whereby various problems were found. Backdoors were not found. A few weeks after the first part of the audit was completed decided to stop the TrueCrypt developers with the development of the software. The problems found were not patched as a result, which also applies to new vulnerabilities.
No comments:
Post a Comment