Flaws In ZRTPCPP Library, Used In Secure Phone Apps
Gunkerty Jeb writes "A security researcher has uncovered a number of serious vulnerabilities in one of the core security components of several secure telephony applications, including the Silent Circle system developed by PGP creator Phil Zimmermann. The vulnerabilities in the GNU ZRTPCPP library already have been addressed in a new version of the library and Silent Circle has implemented a fix, as well. ZRTPCPP is a library that implements the ZRTP protocol that Zimmermann and others developed to establish secure sessions over a pre-existing connection. Silent Circle, which sells a cryptographically secure mobile phone application, and several other products implement the ZRTPCPP library, and Mark Dowd of Azimuth Security has identified several vulnerabilities in the library that could give an attacker the ability to get remote code execution. Dowd said that the bugs can be exploited by remote, unauthenticated users."
Re:Remote code exploit in Crypto (Score:0, Informative)
There may be more such bugs; it's hard to know.
Languages like Python, Go, Java or Rust would have prevented bugs like that for the most part.
So you wouldn't really be better off, if you were using one of those languages.