The Heartbleed flaw discovered in OpenSSL was one of the worst web vulnerabilities in history, but believe it or not it may have already been dethroned.
Even more incredible is the fact that once again, OpenSSL may be to blame.
The "CCS Injection Vulnerability" was discovered by Tatsuya Hayashi, who said it "may be more dangerous than Heartbleed," according to The Guardian.
Attackers can reportedly use this weakness to intercept and even alter data passing between computer and websites in a classic man-in-the-middle maneuver as long as they're on the same network, like a public Wi-Fi hub.
- These are the best SSL certificate services (opens in new tab) on the market
The flaw was reportedly introduced into the OpenSSL encryption standard 16 years ago, when OpenSSL was introduced in 1998, but it's only just been discovered.
It affects all past versions of OpenSSL and servers running OpenSSL 1.0.1 or the beta version for 1.0.2.
Meanwhile it's not even the only flaw to be uncovered this week; another allowed hackers to send malicious code to machines running OpenSSL. This flaw was reportedly added four years ago by Robin Seggelmann, the same dev who created Heartbleed.
The OpenSSL open source project has already issued a patch, but this newest discovery has nevertheless revived the question of whether it's time to kill OpenSSL once and for all.
- You may want to check TechRadar's list of the best free antivirus software