............ Have a nice day............

Friday, 25 April 2014

Updated Opera browser will block Heartbleed vulnerabilities

It seems all browsers have decided to tackle the biggest heartache of the online world - Heartbleed, the new-found OpenSSL bug! Opera web browser is all set to fight this bug that has caused worry for all internet-based commercial as well as other websites. Opera chose to include its ‘bug-fighting’ feature in its new versions, Opera 12.17.
Heartbleed
In an earlier security blog, Opera mentioned about Heartbleed,
“The Presto engine used in Opera 12 and older does use OpenSSL, but not the features of OpenSSL which contained the vulnerability. Hence Presto is not vulnerable, on any platform. This includes Opera Mini and Opera Mail, which use Presto. Opera Mini encryption between the client and proxy is also unaffected. Opera 14 and higher runs on Chromium, Desktop versions do not use OpenSSL. Android versions do, but not the features which contained the vulnerability. Coast by Opera only uses OpenSSL for certification information, not any parts of the vulnerable code. So the short version is that Opera products are not vulnerable. Opera will of course use plugins, and may also use or call system functions or libraries, so even if you are using Opera, you should still make sure your system is secured and up to date.”


The new version of Opera that has the ability to block Heartbleed bug is known as Opera 12.17. In the latest blog that talks about Opera 12.17, Opera’s team mentions that,
“The standalone auto updater for Opera 12 on Windows was vulnerable to a Heartbleed attack from someone who would be in possession of a valid Opera certificate. While fixing this, we also found another issue with our auto update on Windows which might be exploited by someone in possession of such a certificate. Successful exploitation, which would require using a third, unrelated bug on Windows, could allow a mischievous man in the middle to run arbitrary code on the computer. Opera 12.17 is therefore a recommended security upgrade on Windows. While it is unlikely that someone has gained access to a certificate of ours, we cannot rule out that some foreign intelligence agency has done so, and we want to be on the safe side.”
Those who are using Opera 12 for Windows need not worry, because it will update itself automatically. The Linux and Mac versions of Opera 12 are anyway not affected by Heartbleed hence they will not receive a 12.17 update.

No comments:

Post a Comment