VeraCrypt 1.15 fixes two recently reported TrueCrypt vulnerabilities

Yesterday’s update of the encryption software VeraCyrpt fixed two vulnerabilities that security researcher James Forshaw discovered in TrueCrypt’s source code.

TrueCrypt, which has been abandoned by its developers, is still widely used. This can be attributed largely to convenience and that the software’s security audit did not turn up major critical vulnerabilities in the program.

The audit did find some issues which the VeraCrypt developers fixed (mostly) in previous updates.

VeraCrypt, which is based on TrueCrypt code but still under active development, is one of several alternatives for TrueCrypt users who are looking for alternatives for the abandoned program.

mod apk

The two vulnerabilities fixed in VeraCrypt 1.15 are:

  • CVE-2015-7358 (critical): Local Elevation of Privilege on Windows by abusing drive letter handling.
  • CVE-2015-7359: Local Elevation of Privilege on Windows caused by incorrect Impersonation Token Handling.

Both appear to be local attacks meaning that attackers need to gain local access to the PC to exploit them. While that is the case, it is certain that TrueCrypt won’t be updated to fix these issues in the software which in turn means that TrueCrypt remains vulnerable to attacks exploiting them.

veracrypt 1.15

This in turn means that TrueCrypt users need to decide whether it is time to move to another encryption software or keep using the vulnerable TrueCrypt.

VeraCrypt is one candidate for making the switch, especially since it can convert TrueCrypt containers and non-system partitions to the format it supports. The software can mount TrueCrypt volumes furthermore so that it is possible to switch to it without making any changes to the system provided that the system partition has not been encrypted using TrueCrypt.

The easiest way to deal with it is to decrypt it using TrueCrypt before you encrypt it again from within VeraCrypt.

Other feature additions in VeraCrypt 1.15 and 1.14 include support for a volume expander in the Traveler Disk Setup, a regression fix in mounting of favorite volumes at user login, and options to verify a created rescue disk ISO image file.

It seems to be time to abandon TrueCrypt for good as it is likely that additional vulnerabilities will be found in the software in the future.


Article Name

VeraCrypt 1.15 fixes two recently reported TrueCrypt vulnerabilities


Martin Brinkmann


The most recent VeraCrypt update to version 1.15 fixes two recently discovered vulnerabilities in the encryption software TrueCrypt.

About Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook, Twitter or Google+

You are here: Home > Security > VeraCrypt 1.15 fixes two recently reported TrueCrypt vulnerabilities

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at