A software component for encrypting instant messaging clients has a flaw that could let attackers take over users’ machines, but there’s now a patch for the vulnerability.
The vulnerability is contained in libotr, short for OTR Messaging Library and Toolkit. The up-to-date version is now 4.1.1.
OTR stands for Off-the-Record Messaging. It’s a a cryptographic protocol that scrambles messages sent through clients including Pidgin, ChatSecure and Adium.
