The buggy software that just won't die quietly. From the same code base that produced the web-stopping Heartbleed bug, a new, severe OpenSSL vulnerability is being reported today.
The new vulnerability is reported as a man-in-the-middle (MITM) attack, which is essentially like a phone tap: someone inserts themselves into the connection and can hear both sides of the conversation. In this case the entire conversation, the encrypted data, can be stolen. And not just stolen: the encryption itself is also broken.
The vulnerability will not be as widespread as Heartbleed, but it definitely highlights how important it is to take the time to perform an internal security audit.
Fortunately, an update is already available.
The OpenSSL team released a critical security update today that patches 6 flaws. One of them (CVE-2014-0195) allows remote code execution and is the culprit in today's reported vulnerability. All versions of OpenSSL are vulnerable to CVE-2014-0195, but the flaw only affects DTLS clients or servers.
Full information can be found here: Critical OpenSSL Patch Available. Patch Now!