1 min read

TrueCrypt Vulnerabilities Allow System Compromise, Researchers Warn

Alexandra GHEORGHE

September 30, 2015

Promo Protect all your devices, without slowing them down.
Free 30-day trial
TrueCrypt Vulnerabilities Allow System Compromise, Researchers Warn

Two new security vulnerabilities affecting free encryption tool TrueCrypt may allow attackers to obtain admin-level privileges and install malware on the machine, security researchers say.

Two vulnerabilities (CVE-2015-7358 and CVE-2015-7359) in the driver that TrueCrypt installs on Windows systems have recently been discovered by James Forshaw, a member of Google’s Project Zero team. Exploiting them could allow attackers to obtain elevated privileges if they had access to a user account.

TrueCrypt authors stopped developing the encryption tool last year, because of “unresolved security issues”. However, a security audit of TrueCrypt’s source code and its cryptography implementations revealed no backdoors or security holes.

Forshaw said serious bugs can still remain undiscovered after a security audit.

graf

Source: Twitter

The Google researcher did not disclose details about the two bugs, saying that he usually waits seven days after a patch is released, before opening his bug reports.

The critical bugs have been patched in the new app VeraCrypt, an open-source program based on the TrueCrypt code that aims to continue and improve the original project.

tags


Author


Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs.

View all posts

You might also like

Bookmarks


loader