Vendors slow to patch OpenSSL vulnerabilities
Several key technology vendors are yet to fully patch against the OpenSSL cryptographic library used to secure networked communications, a leading Australian security researcher has warned.
The Heartbleed vulnerability in OpenSSL, first revealed to the public in April this year, makes it possible for attackers to tap into what was thought to be secure, encrypted communications unnoticed.
After a more thorough audit of the open source crypto library, further vulnerabilities were discovered that could lead to denial of service attacks and arbitrary code execution. The list of products affected by the OpenSSL vulnerabilities is long and deep, ranging from servers to clients, database backup systems and printers; mobile phones, hypervisors - almost any IT product or service conceivable.