Nasty SSL 3.0 vuln to be revealed soon – sources
Gird your loins, sysadmins: The Register has learned that news of yet another security vulnerability – this time in SSL 3.0 – is probably imminent.
Maintainers have kept quiet about the vulnerability in the lead-up to a patch release, which is expected in in the late European evening, or not far from high noon Pacific Time.
Details of the problem are under wraps, purportedly due to the severity of the vulnerability. El Reg cannot confirm whether or not it is indeed a serious bug as we have not received details of the vuln.
To that end, it is unknown what platforms were impacted, but as SSL is very widely used, any flaw will require plenty of urgent attention – and probably be unwelcome news to a tech community already reeling from the recent Shellshock vulnerability in Bash and the Heartbleed flaw.
The SSL flaw won’t be the only thing keeping security bods and system administrators busy. A dangerous worm has been discovered exploiting a zero-day flaw (CVE 2014-4114) in all versions of Microsoft Windows and Server 2008 and 2012.