Today, the OpenSSL Project released patches for two high-severity security flaws in its open-source cryptographic library, which is used to encrypt communication channels and HTTPS connections. The vulnerabilities (tracked as CVE-2022-3602 and CVE-2022-3786) affect OpenSSL versions 3.0.0 and later and have been addressed in the latest version, OpenSSL 3.0.7.
Because OpenSSL is so foundational to a secure web, this patch is a priority update for any organization that relies on this cryptographic library. OpenSSL suffered from a vulnerability of similar scope, Heartbleed, in 2014, and the organization executed a similar rollout effort. However, many organizations did not prioritize that patch, and their networks were quickly targeted by threat actors. Read more at SentinelOne or at BleepingComputer.