Cybersecurity in the news
Critical Vulnerability Fix: OpenSSL version 3.0.7 to fix highest severity issue announced since 2014
According to HelpNetSecurity: "The OpenSSL Project team has announced that, on November 1, 2022, they will release OpenSSL version 3.0.7, which will fix a critical vulnerability in the popular open-source cryptographic library (but does not affect OpenSSL versions before 3.0).
No details have been shared with the public about the vulnerability and, according to OpenSSL core team member Mark J. Cox, attackers are unlikely to ferret out the vulnerability before the fixed version is widely deployed. “Given the number of changes in 3.0 and the lack of any other context information, [attackers successfully scouring the commit history between 3.0 and the current version] is very highly unlikely,” he opined."
Read the full article here: https://www.helpnetsecurity.com/2022/10/26/openssl-3-0-7-vulnerability-critical-fix/
There are no CVE details on this vulnerability at this time. This is an early notification.
Want to stay ahead of threats? Lucky you: we launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.
|