A new version of OpenSSL is set to be made available tomorrow that will address a single ‘high severity’ vulnerability.
OpenSSL is an open source technology used by many websites and applications to protect customer data. It made the headlines last year following the discovery of the infamous ‘Heartbleed’ bug, which could allow an attacker to acquire encryption keys from web servers.
The exact nature of the new vulnerability remains a mystery, but its existence immediately evokes memories of the scramble to fix Heartbleed and the spotlight cast on the lack of funding received by developers of widely used open source technologies.
Security expert Graham Cluley said he hoped the bug would not be another Heartbleed and that it was important the OpenSSL Project kept details under wraps for now in order to protect end users.
“Fingers crossed, this new vulnerability in OpenSSL won’t be anything like as serious as Heartbleed – but the grading of it as ‘high severity’ means that it could open the door to various threats: ranging from fairly tame denial-of-service attacks to rather unpleasant remote code execution,” he said.
“Don’t be too upset that the OpenSSL project is keeping details of the vulnerability under its hat for now. No doubt they will be concerned that any information they share in advance could be exploited in live hacks by malicious hackers.
“Being careful about vulnerability disclosure is particularly important when the software is so widely used, and understood to be an essential component required in securing internet transactions.”
He said administrators could sit tight for now but urged them to install the patch as soon as it became available.
“You owe it to your own security, but also in order to properly protect the security of your partners and customers,” he added.