Skip to main content

OpenSSL Vulnerability Not 'Critical' Anymore

posted onNovember 1, 2022
by l33tdawg
Gov Infosecurity
Credit: Gov Infosecurity

Much-anticipated vulnerabilities in an open source cryptography library used for digital certificates aren't as dire as feared, with the open source foundation behind the application downgrading its severity from "critical" to "high."

The last time the OpenSSL team, which maintains an application ubiquitous in connected devices for encrypting and decrypting data as it travels across networks, announced a critical patch, it was in 2014 and the vulnerability was Heartbleed.

Security teams primed for a slog of emergency patching today instead are reacting with relief. "I don't think we'll be doing overtime this afternoon," said Chester Wisniewski, Sophos principal research scientist. OpenSSL warned last Tuesday's it would issue impending critical patch today. Major web browsers including Google's Chrome and the Mozilla Foundation's Firefox stopped using OpenSSL after Heartbleed, with Google migrating to a fork it dubbed BoringSSL. Other versions of SSL appear unaffected.

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th