Vulnerabilities found in code library used by encrypted phone call apps

Vulnerabilities found in code library used by encrypted phone call apps: ZRTPCPP, an open-source library that’s used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks, according to researchers from security firm Azimuth Security.

ZRTPCPP is a C++ implementation of the ZRTP cryptographic key agreement protocol for VoIP (voice over IP) communications designed by PGP creator Phil Zimmermann.