team OpenSSL project Launched Tuesday, 1 thissecurity updatefixes a critical vulnerability in core encryption functions. Due to the risks associated with the malfunction, no further details regarding this have yet been disclosed.
According to the initiative, this bug affects the most common settings of the code library, paving the way for cybercriminals to exploit vulnerabilities. In this case, large-scale leaks of private keys or sensitive user informationcauses various losses.
The problem is affecting OpenSSL 3.0 and lateris used to provide secure communication over the internet. According to Lotem Finkelstein, director of threat intelligence and research at Check Point Software, this flaw was discovered last month. put the tech community on high alert.
“The critical vulnerability in OpenSSL has the potential to shake the foundations of the encrypted internet and the privacy of all of us. This is a really big problem,” warned the expert. The company said it is monitoring the situation and monitoring the progress of the fix.
Instant update
According to the cybersecurity firm, all companies using OpenSSL should update immediately. After installing the new file package, the version will be changed to: OpenSSL 3.0.7containing the fix for security vulnerabilities CVE-2022-3602 and CVE-2022-3786causing the problem.
It is also recommended to check where codes are used in enterprise systems to prioritize critical areas in this update. As the library is widely used in online services, installing a security patch to eliminate bugs has become an urgent measure to prevent damage from potential cyber attacks.
Details about the update can be found on the OpenSSL website.
Source: Tec Mundo
