1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Newly found TrueCrypt flaw allows full system compromise

Discussion in 'CSO' started by RSS, Sep 29, 2015.

  1. RSS

    RSS New Member Member

    Windows users who rely on TrueCrypt to encrypt their hard drives have a security problem: a researcher has discovered two serious flaws in the program.

    TrueCrypt may have been abandoned by its original developers, but it remains one of the few encryption options for Windows. That keeps researchers interested in finding holes in the program and its spin-offs.

    James Forshaw, a member of Google's Project Zero team that regularly finds vulnerabilities in widely used software, has recently discovered two vulnerabilities in the driver that TrueCrypt installs on Windows systems.

    The flaws, which were apparently missed in an earlier independent audit of the TrueCrypt source code, could allow attackers to obtain elevated privileges on a system if they have access to a limited user account.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page