OpenSSL: security update closes critical vulnerabilities


CURRENT FRAUD ALERTS

OpenSSL has vulnerabilities that allow hackers to connect your PC to malicious servers. An update should protect you from this danger.

A new update is available for OpenSSL that protects you. (Source: maxkabakov/depositphotos.com)

Two vulnerabilities that are classified as critical make the use of OpenSSL insecure. When the threat was discovered, those responsible announced that an update for your protection should follow as soon as possible. Now it’s finally here and with the installation prevents hackers from infiltrating and damaging your computer.

The vulnerabilities are identified as CVE-2022-3602 and CVE-2022-3786. According to the OpenSSL advisory, there are problems with the buffer overflow in the parser for X509 certificates. They allow hackers to connect your PC to malicious servers and cause damage. However, trustworthy certificates are required for the attack, which is why the security gaps are no longer classified as “critical” but only as “high”.

Nevertheless, this threat should not be underestimated. In the worst case, if the hackers have the appropriate certificates, they can execute remote code on your computer and the connected servers. You should therefore immediately install the latest version OpenSSL 3.0.7 on your Windows PC or Mac. An update for Linux is still pending. You can find the update on the OpenSSL homepage.

Also interesting…

Don’t miss anything with the NETWORK-Newsletter

Every Friday: The most informative and entertaining summary from the world of technology!



Source link -67