New OpenSSL vulnerability to be disclosed this week

2015-07-06_OpenSSL

CORPORATE

The OpenSSL Project announced that a new “high” severity vulnerability will be disclosed on Thursday, July 9. Full details of the vulnerability have not been disclosed publicly, in line with standard, zero-day procedures, but organizations should be prepared to take immediate action for a vulnerability of this severity.

OpenSSL is used to secure the connection between the Silo client app and the user's virtual browser running in our secure container.

Authentic8 patches OpenSSL vulnerabilities as soon as they are disclosed, and all users benefit immediately. We also employ outside firms to test our service regularly for vulnerabilities. Examples of vulnerabilities in critical infrastructure (such as OpenSSL and Bash) that have been addressed for customers include: Heartbleed, FREAK, POODLE, and Shellshock.

We will announce our response and any potential user impact when the vulnerability is fully disclosed on Thursday.