New Bugs Discovered in Software That Caused 'Heartbleed' Attack

Jun 06, 2014 05:14 PM EDT | Matt Mercuro

Security researchers have discovered new bugs in the web encryption software that caused the pernicious "Heartbleed" threat that popped up in April, according to Reuters.

The vulnerabilities in OpenSSL could allow hackers to spy on communications, according to Reuters. The experts said it doesn't seem to be as serious as "Heartbleed" though.

The new bugs were announced on June 5, after the group responsible for developing the software released an OpenSSL update that contains seven security repairs.

OpenSSL technology is used on about two-thirds of all websites, including ones run by: Facebook, Google, Yahoo, and Amazon. It also incorporated into thousands of technology products from companies like Hewlett-Packard, Oracle, Intel, and IBM.

The websites and technology firms that use OpenSSL technology should install the update on their systems as soon as possible, according to Reuters.

It could take weeks because companies need to test systems to make sure they are compatible with the update first.

"They are going to have to patch. This will take some time," said Lee Weiner, senior vice president with cybersecurity software maker Rapid7, according to Reuters.

The "Heartbleed" bug that surfaced two months ago when it was disclosed that the flaw potentially exposed users of those websites and technologies to attack by hackers.

This prompted fear that hackers might have compromised large numbers of networks without them even knowing.

The newly discovered bugs are "more difficult" to exploit than "Heartbleed," according to Reuters.

See Now: OnePlus 6: How Different Will It Be From OnePlus 5?

© 2021 Auto World News, All rights reserved. Do not reproduce without permission.
Get the Most Popular Autoworld Stories in a Weekly Newsletter

Join the Conversation

Real Time Analytics