LastPass,Bad Detective: Food Chain [Uncut] the online service that keeps your passwords safe behind one master password, is currently not nearly as secure as it should be.
According to Google's vulnerability researcher Tavis Ormandy, there's at least one unpatched vulnerability in LastPass that allows attackers to steal passwords "from any domain."
SEE ALSO: Change this security setting on WhatsApp right nowOrmandy recently reported a few other LastPass bugs, including vulnerabilities in the LastPass add-ons for Firefox and Chrome.
I found another bug in LastPass 4.1.35 (unpatched), allows stealing passwords for any domain. Full report will be on the way shortly. pic.twitter.com/9VkV7R3vud
— Tavis Ormandy (@taviso) March 21, 2017
One security vulnerability, described in detail by Ormandy here, not only allows for an attacker to steal passwords, but -- in certain circumstances -- it can also be used to run arbitrary code on the victim's computer.
On Tuesday, LastPass announced that that particular issue has been resolved, but on Wednesday, the company acknowledged that there is an unpatched bug in its Firefox add-on.
The issue reported by Tavis Ormandy has been resolved. We will provide additional details on our blog soon.
— LastPass (@LastPass) March 21, 2017
We are aware of reports of a Firefox add-on vulnerability. Our security is investigating and working on issuing a fix.
— LastPass (@LastPass) March 22, 2017
Replying to a commenter to Tuesday's tweet, LastPass said that users needn't do anything at this point. However, the company still hasn't published anything on its official blog regarding these new security holes.
While no software is safe from security holes, vulnerabilities that affect password managers such as LastPass are particularly worrisome, as these services safeguard users' entire password collections. Especially when they come in droves, as they do these days.
This is not the first serious security issue LastPass has encountered. The service got hacked in 2011 and again in June 2015. And in 2013, a bug caused some users' Internet Explorer passwords to get exposed to the public.
UPDATE: March 22, 2017, 6:52 p.m. CET LastPass responded to our query by pointing us to their freshly published blog post, here. In the post, the company says it has worked with Ormandy to investigate and fix these vulnerabilities. The company claims it has fixed all issues now, and patches will be applied automatically for most users. According to LastPass, there is no indication that any of these vulnerabilities were exploited in the wild. The company vowed to provide a more comprehensive overview of these vulnerabilities, as well as its efforts to fix them and prevent further issues, in the future.
Topics Cybersecurity
The best early Prime Day outdoor deals: Yeti, Stanley, Jackery, and more
'Quordle' today: See each 'Quordle' answer and hints for January 8
Donald Trump goes after Chrissy Teigen on Twitter, gets brutally shut down
Google announces 'uninterrupted listening' on Android at CES
Best robot vacuum deal: Save $350 on the Eufy X10 Pro Omni
Wordle today: Here's the answer, hints for January 9
Shane Gillis dropped by 'SNL' over racist and homophobic comments
CES 2023: Panasonic announces car air purifier and Amazon Alexa interoperability
Miami Heat vs. Brooklyn Nets 2025 livestream: Watch NBA online
Mark Ruffalo smashes Boris Johnson's attempt to compare the Hulk with Brexit
Man City vs. Real Madrid 2025 livestream: Watch Champions League for free
CES 2023: Garmin's LTE dash camera is always on
Picsart's new SketchAI app is transforming images into digital art
'M3GAN' surprisingly dominates at the box office
VidCon 2025: Creators share their mistakes and lessons learned
LG shows off a color
Mark Ruffalo smashes Boris Johnson's attempt to compare the Hulk with Brexit
TCL's RayNeo X2 will translate conversations right before your eyes
SpaceX is so close to turning its rocket headquarters into an actual city
Shawn Mendes and Camila Cabello join the summer of sloppy kisses
Beyond Harlem: The Other Black RenaissanceA Private LiteratureAn Inspired Theft by Ann BeattieThe Epic, Neglected Vision of Joan MurrayTwo Thousand Pieces of Subway Ephemera"What Does Your Husband Think of Your Novel?"A ‘Walden’ for the YouTube AgeThe Questionable History of the FutureStaff Picks: Tattoos, Death Grips, and Love LettersThe Academic’s Guide to AcademeseRedux: Pevear and Volokhonsky, Connell, CoakleyStaff Picks: Sinners, Slavery, and ShultsSave 45% on the Anker Solix C1000 portable power stationRedux: Benjamin Nugent, Rowan Ricardo Phillips, and MoreA Private LiteratureGabriel García Márquez’s Road Trip Through Alabama by Caleb JohnsonNicanor Parra, the AlphaTen Things I Learned from Ursula K. Le GuinRaising a Glass to Fred Bass, the Strand’s Iconic OwnerArthur Miller’s Sassy Defense of the NEA Best TV deal: Save 41% on the Hisense U8N TV 'Are We Dating the Same Guy?' Facebook group lawsuit dismissed Best JBL deal: Save $10 on JBL Go 4 at Amazon Coinbase confirms data breach with hackers demanding $20 million ransom Sonny Angel and Casetify are back with another cheeky, whimsical collab Best espresso machine deal: Save 31% on the De'Longhi Magnifica Evo NYT mini crossword answers for May 14, 2025 Apple's new CarPlay Ultra detailed on video How Aden Wang makes viral DIY content without quitting his day job Best Apple deal: Save $70 on Apple Watch Series 10 (GPS, 46mm) Best Apple deal: Save $19 on AirTag 4 Save 55% on the Anker 525 charging station How Android 16 will fight scams for you Wordle today: The answer and hints for May 15, 2025 NYT mini crossword answers for May 16, 2025 Best water flosser deal: Save $30 on Waterpik Cordless Advanced The Panasonic MultiShape drops to $170 in May 2025. It's my favorite grooming tool. ZTE's new U.S. Summer TV preview: All the TV shows you need to know, and where to stream them Best free online courses from MIT
0.9519s , 8230.6640625 kb
Copyright © 2025 Powered by 【Bad Detective: Food Chain [Uncut]】,Unobstructed Information Network