Cyber Security News

LastPass Vulnerability Fixed

August 02, 2016

LastPass has fixed a vulnerability in its password vault product that could be exploited to remotely hijack user accounts. Devices could be compromised if users visit maliciously crafted websites. LastPass has pushed out a fix for the flaw to Firefox users running LastPass 4.0. 

 

Editor's Note

[Jake Williams]
A far more serious LastPass vulnerability was recently discovered and fixed. Just like any other software your password managers must be updated to patch known vulnerabilities. Even with these recent disclosures, using a password manager is still far better than not using one.


[Brian Honan]
Kudos to LastPass on addressing the security bugs but a timely reminder that not all software, even security software, is secure. We need to ensure we use all additional features such as two-step verification to lock down these critical type of applications. Despite the reported bugs LastPass, and any other password managers, are still much better than reusing the same password across multiple systems.
 
Read more in:
-  The Register: Zero day hole can pwn millions of LastPass users, all that's needed is a malicious site

-  ZDNet: LastPass unpatched zero-day vulnerability gives hackers access to your account

-  Computerworld: Flaw with password manager LastPass could hand over control to hackers

-  CNET: Big security bug fixed by LastPass password manager

-  LastPass Blog: LastPass Security Updates

Share this news story

View More Cyber Security News


Page last modified August 2, 2016
Report a problem with this page