Two serious security vulnerabilities have been discovered in the TrueCrypt encryption tool for Windows that could expose the user's data to attackers if exploited.
Even after being abandoned by its developers, TrueCrypt has been appearing in the news due to new vulnerabilities being discovered in the software from time to time. James Forshaw, a researcher from Google's 'Project Zero' team has found the latest pair of flaws in the software's code that could allow "privilege elevation", resulting in hackers getting complete access to user's data.
Last year, an audit of the Windows version of TrueCrypt was conducted to verify whether it contained any backdoors. The audit revealed a bunch of vulnerabilities in the software's code rated from low to medium. However, the latest security flaws are said to be of "critical" rating and were probably missed by the auditors due to the complex nature of Windows drivers as noted by Forshaw.
Veracrypt, a fork of TrueCrypt, has been patched against the vulnerabilities. However, the flaws haven't been disclosed by Forshaw as he prefers to wait for a week after a patch has been released to reveal them.
Users who are still using TrueCrypt or an unsupported variant of the software should move to a reliable tool soon, as there is no telling how many more vulnerabilities will be discovered in the software in the future.
Source: Threatpost | Key photo via Shutterstock
17 Comments - Add comment