Patch closes security hole in messaging encryption tool
A software component for encrypting instant messaging clients has a flaw that could let attackers take over users’ machines, but there’s now a patch for the vulnerability.
The vulnerability is contained in libotr, short for OTR Messaging Library and Toolkit. The up-to-date version is now 4.1.1.
OTR stands for Off-the-Record Messaging. It’s a a cryptographic protocol that scrambles messages sent through clients including Pidgin, ChatSecure and Adium.
The integer overflow flaw was found by Markus Vervier of the German company X41 D-Sec, which released an advisory.
To read this article in full or to leave a comment, please click here
Read more: Patch closes security hole in messaging encryption tool
Story added 11. March 2016, content source with full text you can find at link above.