A free password manager bundled with Windows 10 downloads was discovered to have a critical security vulnerability that allowed attackers to steal passwords.
Making matters worse, the security issue had already been discovered last year. The password manager, however, brought it back.
Keeper Password Manager For Windows 10 Security Issue
The third-party Keeper password manager was bundled with Windows 10 downloads from the Microsoft Developer Network. Unfortunately, in turn, the password manager was bundled with a security problem.
Tavis Ormandy, a researcher for Google Project Zero, discovered a bug with Keeper a year ago that allowed any website to steal passwords from the software. When he found Keeper being bundled with Windows 10, he saw that the security problem had returned.
Ormandy even noted that he felt that he was being generous when he gave the 90-day disclosure deadline for the security issue, as it was not a new one at all. Nevertheless, Keeper quickly responded and has rolled out version 11.4, which will patch up the vulnerability.
Windows 10 users who find that they downloaded Keeper as part of a bundle should not be worried that their passwords were stolen, though. The information would only have become vulnerable if they opened Keeper, trusted the software with their passwords, and went through the instructions in installing the browser add-on.
The issue now is how Microsoft allowed a 16-month-old bug to slip through and be included in software that is bundled with Windows 10. In a statement, the company only said that it was aware of the security issue found in Keeper and that its developer provided the update to fix the problem.
It is unclear if Microsoft's testing process for third-party apps, if there is one, was just unable to catch the bug or if Microsoft does not provide any assurances on the security of third-party apps bundled with Windows 10.
Google Project Zero Exposes iPhone Exploit For iOS 11 Jailbreak
Microsoft is not the only rival company that has recently been a target of Google Project Zero, as an iOS 11.1.2 exploit was released by security researcher Ian Beer.
Beer teased the iPhone exploit several days ago and kept his promise by releasing it a few days later. The exploit revived interest in iPhone jailbreaks, which give owners full control of their smartphones.
Alibaba security researchers claim that they were able to create an iPhone X untethered jailbreak for iOS 11.2.1, though it is unclear if the code released by Beer played any part in it.