Tuesday, October 14, 2014

Truly scary SSL 3.0 vuln to be revealed soon: sources

Gird your loins, sysadmins: The Register has learned that news of yet another major security vulnerability - this time in SSL 3.0 - is probably imminent.


Maintainers have kept quiet about the vulnerability in the lead-up to a patch release expected in in the late European evening, or not far from high noon Pacific Time.


Details of the problem are under wraps due to the severity of the vulnerability.


To that end it is unknown what platforms were impacted, but as SSL is very widely used any flaw will require plenty of urgent attention ... and probably be unwelcome news to a tech community already reeling from the recent Shellshock vulnerability in Bash and the Heartbleed flaw.


The SSL flaw won't be the only thing keeping security bods and system administrators busy. A dangerous worm has been discovered exploiting a zero-day flaw (CVE 2014-4114) in all versions of Microsoft Windows and Server 2008 and 2012.




No comments:

Post a Comment