ryan

ryan (https://hameed.nwar.uk/vb/index.php)
-   اخبار التقنية (https://hameed.nwar.uk/vb/forumdisplay.php?f=16)
-   -   LastPass Working on Security ***** For Browser Extension Vulnerability (https://hameed.nwar.uk/vb/showthread.php?t=2256339)

ahlam1399 03-29-2017 10:28 PM

LastPass Working on Security ***** For Browser Extension Vulnerability
 
LastPass has advised all users of the password manager to launch sites directly from the LastPass vault and enable two-factor authentication wherever possible, until it addresses a vulnerability discovered in LastPass browser extensions.

The client-side vulnerability, discovered by Google security researcher Tavis Ormandy, allows for an attack that is "unique and highly sophisticated", said LastPass in a blog post, without disclosing further details.

http://cdn.macrumors.com/article-new...e-800x210.jpeg
Ah-ha, I had an epiphany in the shower this morning and realized how to get codeexec in LastPass 4.1.43. Full report and exploit on the way. pic.twitter.com/vQn20D9VCy

— Tavis Ormandy (@taviso) March 25, 2017
Over the weekend, Google security researcher Tavis Ormandy reported a new client-side vulnerability in the LastPass browser extension. We are **w actively addressing the vulnerability. This attack is unique and highly sophisticated. We don?t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties. So you can expect a more detailed post mortem once this work is complete.
To secure sign-in credentials in the meantime, LastPass has recommended that users launch sites directly from the vault and make use of two-factor authentication on sites that offer it, while remaining vigilant to avoid phishing attempts.

The news follows the discovery and successful *****ing of earlier remote code execution (RCE) vulnerabilities that could be used to steal passwords from extensions for Firefox, Chrome, Opera, and Edge. Safari was **t mentioned in the original vulnerability alert, while mobile apps were **t affected, but concerned users can follow the advice regardless until LastPass offers further news on the situation.

Tags: LastPass, security

Discuss this article in our forums

http://feeds.feedburner.com/~ff/MacR...?d=6W8y8wAjSf4 http://feeds.feedburner.com/~ff/MacR...?d=qj6IDK7rITs
http://feeds.feedburner.com/~r/MacRu...~4/jSvkHpsUAzw

أكثر...


الساعة الآن 02:49 PM

Powered by vBulletin® Copyright ©2000 - 2026, Jelsoft Enterprises Ltd. TranZ By Almuhajir
This Forum used Arshfny Mod by islam servant