LastPass Patches IE Security Flaw


Password manager LastPass recently released an update, which includes a fix for a vulnerability in the LastPass add-on for Internet Explorer (h/t Sophos).

According to a company blog post, "[I]f you were logged into the LastPass IE extension version 2.0.20 site passwords were potentially accessible in a memory dump."

The issue only affected users of Internet Explorer, and the data would have been cleared from memory as soon as the browser session ended. "The scope of the issue is minimal, but privacy and security of our users’ data is paramount," the company stated. "Malware is essentially the only way this could be exploited and we continue to encourage you to utilize anti-malware to protect your data."

If you've been using the LastPass Internet Explorer extension prior to this update, Sophos' Paul Ducklin advises changing your passwords as a precaution.