Forgot your password?
typodupeerror

+ - Flaws in ZRTPCPP Library Used in Secure Phone Apps->

Submitted by Gunkerty Jeb
Gunkerty Jeb (1950964) writes "A security researcher has uncovered a number of serious vulnerabilities in one of the core security components of several secure telephony applications, including the Silent Circle system developed by PGP creator Phil Zimmermann. The vulnerabilities in the GNU ZRTPCPP library already have been addressed in a new version of the library and Silent Circle has implemented a fix, as well.

ZRTPCPP is a library that implements the ZRTP protocol that Zimmermann and others developed to establish secure sessions over a pre-existing connection. Silent Circle, which sells a cryptographically secure mobile phone application, and several other products implement the ZRTPCPP library, and Mark Dowd of Azimuth Security has identified several vulnerabilities in the library that could give an attacker the ability to get remote code execution. Dowd said that the bugs can be exploited by remote, unauthenticated users."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Flaws in ZRTPCPP Library Used in Secure Phone Apps

Comments Filter:

We all like praise, but a hike in our pay is the best kind of ways.

Working...