TrueCrypt is still available for download – but is recommended only if you are migrating data on drives encrypted by TrueCrypt. VeraCrypt has proved itself to be a solid fork with regular maintenance, and this latest revelation shows the importance of using the most recent versions of any security software.
Since the software was dropped, researchers have discovered that it contains numerous security vulnerabilities, and two new flaws have been found that allow an attacker to gain elevated privileges.
The need to move on from Truecrypt is now more pressing thanks to the discovery of two severe security flaws in the program by James Forshaw, a member of Google’s Project Zero security team.
The bugs leave open the possibility of hackers hijacking computer processes that can lead to full administrator privileges, which opens up the possibility of malware, surveillance and other malicious processes. Google’s James Forshaw said on Twitter which the miss was at easy to understand, while: “iSec stage a review examined this kind of system but Windows policyholders are challenging animals (and) straight forward…” Maybe they contributed to it, but it would seem likely that there are other security concerns that may have yet to be discovered in the code base.
Since TrueCrypt is no longer actively maintained, the bugs won’t be fixed directly in the program’s code.
It relates to abuse of drive letter handling and incorrect impersonation token handling.
There are still many users of TrueCrypt or VeraCrypt, because it’s one of the few free options they have for encrypting their entire hard disks, including the Windows system partition.
Users who still use TrueCrypt should switch to VeraCrypt as soon as possible.