Libotr patch closes security hole in messaging encryption tool
A software component for encrypting instant messaging clients has a flaw that could let attackers take over users’ machines, but there’s now a patch for the vulnerability.
The vulnerability is contained in libotr, short for OTR Messaging Library and Toolkit. The up-to-date version is now 4.1.1.
OTR stands for Off-the-Record Messaging. It’s a cryptographic protocol that scrambles messages sent through clients including Pidgin, ChatSecure and Adium. The integer overflow flaw was found by Markus Vervier of the German company X41 D-Sec, which released an advisory.