Updated Incident Report for LastPass vulnerability

frogboy

Incident Report: March 31, 2017 (8:10 PM)

On Saturday, March 25th, security researcher Tavis Ormandy from Google’s Project Zero reported a security finding related to the LastPass browser extensions. In the last 24 hours, we’ve released an update which we believe fixes the reported vulnerability in all browsers and have verified this with Tavis himself.

Most users will be updated automatically. Please ensure you are running the latest version (4.1.44 or higher), which can always be downloaded at LastPass | Password Manager, Auto Form Filler, Random Password Generator & Secure Digital Wallet App.

Now that the issue is resolved, we want to provide a postmortem to our community on what the report entailed and how we are building a better, more secure LastPass going forward. Please note, due to the nature of the vulnerability, this postmortem is highly technical.

Overview

  • This was a client-side vulnerability in the LastPass browser extensions and could be exploited to steal data and manipulate the LastPass extension
  • Exploiting required luring a user to a malicious website (through phishing, spearphishing, or other attack), or to a trusted website running malicious adware
    • This requires a per-user attack that must be executed through the user’s local browser
  • All extensions have now been updated with the fix and submitted to the extension stores
    • Our mobile apps for Android and iOS were not affected.

Read more: Security Update for the LastPass Extension | The LastPass Blog

 

LASER_oneXM

Thanks for this info! Updated my main machine a few minutes ago: for me it's extremely important to update this kind of software/tools as soon/fast as possible!
 

frogboy

And your Cyberfox will be outdated soon, so switching back to Firefox or looking for other popular variants like Waterfox would be better for both security and stability.
I have been giving Waterfox a trial in the last few weeks already. ;) But I will continue to use Cyberfox until it is discontinued. :)
 
