development

OpenSSL will provide a patch for a critical vulnerability

OpenSSL will provide a patch for a critical vulnerability

OpenSSL announced a patch which will be released tomorrow, to cover a critical vulnerability. This is just the second such security flaw in eight years. The previous one was Heartbleed (CVE-2014-0160) - a bug that allowed to read the memory of the exposed devices and compromise the secret keys, allowing to steal the data from services and users.


The OpenSSL team announced that the new version of the software, 3.0.7, will become available on Tuesday, the 1st of November 2022, between 13:00 and 17:00 UTC. In addition, the team announced a bugfix release 1.1.1s, which will become available the same day. The severity of the issue that is being addressed is marked as critical.


Currently, there is no detailed information since additional data may help threat actors understand how to abuse it before the patch is available. So, the OpenSSL team decided to announce the scheduled release beforehand to let the IT teams start preparing and, simultaneously, leaving no chance to have this flaw used.


Also, as mentioned by a core member of the OpenSSL team, Mark J. Cox, it is doubtful that threat actors will be able to find information on how to use the vulnerability, given the number of changes in 3.0 and the lack of any other information.


Still, it is crucial to implement the patch on your environment as soon as possible if you’re using OpenSSL.


Image Credit: Photo by Chris Lynch on Unsplash

Reading next

Python 3.11 is available and contains great improvements
Reviews serve as an essential aid to online purchases

Interested in a specific business & technology topic and looking for an article in our blog but haven't found one yet?

If you haven't come across an article that matches your query, feel free to suggest the topic to us, and we'll consider featuring it in our blog. Share your suggestion in the form below, and we'll be sure to review your request.

Talk with us

If you have any questions or problems in your business that can be solved with technical solutions, just let us know. We'll do everything we can to help you.