Most systems are not vulnerable because, says security expert Robert Graham . Modern software would use a different function and even software that uses the function which the leak can be invoked does so in a way that can not be abused."Even if software will use the vulnerable function is not to say that it is also vulnerable," the expert notes. Also, most systems would not be attacked by the leak and many of the exploits used only locally. Graham says that users also do not have to panic.
He gets applause Jen Ellis security company Rapid7. "Unlike a leak as Heartbleed is not always exploit the problem. The general consensus is that the bug is not easy to abuse," Ellis says. Until now, there would be only one known case that is easy to abuse. Both experts suggest that users of their systems after installing the patch have to reboot. Without a reboot services that will use the vulnerable library not be restarted.
No comments:
Post a Comment