Tavis Ormandy: exploit in Last Pass 4.1.42

Beware of using the Last Pass: Tavis Ormandy, one of the most prolific members of Google's Project Zero Team, revealed a new security issue at LastPass.

Ormandy said there was a exploit but has not made it public at the moment. Let's remind that Google Project Zero researchers report the vulnerabilities first to the directly interested companies developing the affected products. Companies have 90 days to insure their product, usually by developing a new version, otherwise researchers are releasing the exploit.Tavis Ormandy: exploit in Last Pass 4.1.42

The information is very small until now, as Ormandy has made available through Twitter:

Ωχ, νέο bug στο Last Pass που επηρεάζει την έκδοση 4.1.42 (Chrome&FF). RCE αν χρησιμοποιείτε το “ Component”, διαφορετικά μπορούν να κλέψουν of access. I am preparing a full report.

Αναφέρει ότι η τελευταία έκδοση του LastPass για το και τον Firefox (έκδοση 4.1.42), και ότι το exploit μπορεί να χρησιμοποιηθεί για απομακρυσμένη εκτέλεση κώδικα ή την of passwords.

It later revealed that it has a fully functional exploit that it does not display on Windows, and it's just two lines of code. He also noted that the exploit could work on other platforms.

LastPass also posted a Twitter message stating that she was aware of the issue and that she was working to find a solution.

Shortly after, the company published a second message stating that the issue was resolved.

The issue mentioned by Tavis Ormandy has been resolved. We will provide additional clarifications to our blog soon.

According to the tweet, if you use the Last Pass application, you do not have to do anything except waiting for the announcement of the solution that corrects vulnerability from the company.

iGuRu.gr The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive of new posts by email.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).