Critical flaws found in open-source encryption software VeraCrypt
A new security audit has found critical vulnerabilities in VeraCrypt, an open-source, full-disk encryption program that’s the direct successor of the widely popular, but now defunct, TrueCrypt.
Users are encouraged to upgrade to VeraCrypt 1.19, which was released Monday and includes patches for most of the flaws. Some issues remain unpatched because fixing them requires complex changes to the code and in some cases would break backward compatibility with TrueCrypt.
However, the impact of most of those issues can be avoided by following the safe practices mentioned in the VeraCrypt user documentation when setting up encrypted containers and using the software.