1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Patch closes security hole in messaging encryption tool

Discussion in 'CSO' started by RSS, Mar 11, 2016.

  1. RSS

    RSS New Member Member

    A software component for encrypting instant messaging clients has a flaw that could let attackers take over users' machines, but there's now a patch for the vulnerability.

    The vulnerability is contained in libotr, short for OTR Messaging Library and Toolkit. The up-to-date version is now 4.1.1.

    OTR stands for Off-the-Record Messaging. It's a a cryptographic protocol that scrambles messages sent through clients including Pidgin, ChatSecure and Adium.

    The integer overflow flaw was found by Markus Vervier of the German company X41 D-Sec, which released an advisory.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page