Opera 12.17 is out

News

In light of the recently reported OpenSSL vulnerability, Heartbleed, Opera has released an update to its latest Opera Presto version 12.16.

SigbjØrn Vik an Opera Developer discusses why the update was necessary:

Even though Presto does not use any vulnerable parts of OpenSSL, the standalone autoupdater for Opera 12 on Windows does. However, the autoupdater will only connect to our server, and close the connection if the certificate does not validate, so the certificate holders are the only ones who can abuse it. If someone should have stolen our certificate with a heartbleed attack against our servers, they might potentially use it against the autoupdater. The autoupdater runs in a separate process, and doesn’t have much memory to leak, but might potentially leak system information in such a case, such as local username on Windows machines.

Opera 12 for Windows will update itself automatically. Mac and Linux are not affected, and will not receive a 12.17 update.

Published by Matilda Cowling

Comments are closed.