Industry News

TrueCrypt Vulnerabilities Allow System Compromise, Researchers Warn

Two new security vulnerabilities affecting free encryption tool TrueCrypt may allow attackers to obtain admin-level privileges and install malware on the machine, security researchers say.

Two vulnerabilities (CVE-2015-7358 and CVE-2015-7359) in the driver that TrueCrypt installs on Windows systems have recently been discovered by James Forshaw, a member of Google’s Project Zero team. Exploiting them could allow attackers to obtain elevated privileges if they had access to a user account.

TrueCrypt authors stopped developing the encryption tool last year, because of “unresolved security issues”. However, a security audit of TrueCrypt’s source code and its cryptography implementations revealed no backdoors or security holes.

Forshaw said serious bugs can still remain undiscovered after a security audit.

graf

Source: Twitter

The Google researcher did not disclose details about the two bugs, saying that he usually waits seven days after a patch is released, before opening his bug reports.

The critical bugs have been patched in the new app VeraCrypt, an open-source program based on the TrueCrypt code that aims to continue and improve the original project.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.

1 Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.