OpenSSL has released security updates to address vulnerabilities in previous versions. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
Available updates include:
OpenSSL 1.1.0a for 1.1.0 users
OpenSSL 1.0.2i for 1.0.2 users
OpenSSL 1.0.1u for 1.0.1 users
Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.
After the iPhone encryption battle between Apple and the FBI, Apple was inspired to work toward making future iPhones unhackable by implementing stronger security measures that even the company can't hack.
Even at that point, the company hired one of the key developers of Signal (one of the world's most secure, encrypted messaging apps) for its core security team to achieve this goal.
The NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the \Registry\A hidden attachment point, which can be used to elevate privileges.
RSA Identity Governance and Lifecycle is affected by an information disclosure vulnerability that potentially could be exploited by a malicious user to read certain details of other users in the system. RSA Identity Management and Governance versions prior to 6.8.1 P25 and 6.9.1 P15 are affected. Also affected are RSA Via Lifecycle and Governance versions prior to 7.0.0 P04.