Why is this being published as "new"? Did anyone from Tom's Guide read the research? The LastPass version was 4.1.60, released July 6, 2017.
The posting date of research is less relevant than what's inside the research.
This is old information, and should be removed. Otherwise, Tom's Guide is causing public panic for the sake of click-bait metrics.
I disagree, obviously. I don't know why the study authors waited so long to publish, but all of the vulnerabilities mentioned have NOT been patched.
Some of this "old" information is unfortunately still very relevant. One vendor is currently patching the flaws mentioned in the study as a result of the study, and this story, being published.
Before we ran the article, I sent each vendor a link to the study, asked each vendor detailed questions about the vulnerabilities mentioned, and gave each one 24 hours to respond with answers about which vulns had been patched, and which hadn't, and if not, why not.
Some of the vendors were very forthcoming and gave detailed answers. Some weren't, but all of them did respond, and their answers all made it into the original version of the story. You can see a point-by-point rundown of each flaw, and what each vendor is doing or has done about it, right in the body of the story.