All times are UTC + 1 hour




Posted: Mon 6 Jul 2015, 12:06
In case anyone wants to protect their digital data against theft and burglary with open-source encryption:

Now that TrueCrypt has abruptly ceased to be developed - evidently at the urging of the secret police of some regime or other - others have picked up the ball:

Quote:
VeraCrypt not only enhances security over the original TrueCrypt through an increased iterations count, but it also solves all the serious security issues and weaknesses discovered so far in the source code. A good list of these weaknesses can be found in the https://opencryptoaudit.org/reports/iSe ... ssment.pdf

We have documented these security changes in the git commits. The important ones start with "Windows vulnerability fix" and "Static Code Analysis".
I'll use the list of the Open Crypto Audit project:

Weak Volume Header key derivation algorithm: fixed since the birth of VeraCrypt. As of 2014, any security professional will tell you that PBKDF2 should be used with a minimum of 10000 iterations for high security, combined with a strong password. The 1000 count comes from 2004 and it is outdated, and that's why the Open Crypto Audit placed it as the first vulnerability. In VeraCrypt, we have chosen since 2013 a very high iterations count to meet the increasing security requirements, hopefully for the next 10 years.
Multiple issues in the bootloader decompressor: fixed in git and it will be released in version 1.0f. This was very challenging because of the size requirements of the bootloader. We had to optimize the code size of many parts in order to make room for the modifications of the decompressor.
Windows kernel driver uses memset() to clear sensitive data: fixed since version 1.0e
TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG kernel pointer disclosure: fixed since version 1.0e
IOCTL_DISK_VERIFY integer overflow: fixed since version 1.0e
MainThreadProc() integer overflow: fixed since version 1.0e
MountVolume() device check bypass: fixed since version 1.0e
GetWipePassCount() / WipeBuffer() can cause BSOD: fixed since version 1.0e

Moreover, the VeraCrypt source code has been checked using two static code analyzer tools and they reported many issues that were solved (commits starting with "Static Code Analysis"). One of the most time-consuming parts was the complete rewrite of string manipulation code in order to use Safe String functions instead of the vulnerable string.h ones (both in user mode and kernel mode). Other fixes included:

correcting memory leaks
fixing potential overflow when parsing language file that can be exploited.
fixing non-absolute DLL/process loads that can be hijacked (Microsoft Security Advisory 2269637).

While we inherited much of the code of TrueCrypt, we have introduced many modifications and corrections that enhance the overall security by a big margin. Of course, most of these modifications are invisible to the general user but security experts can easily check the current state of the code and validate our approach.

I'm taking this opportunity to announce that we have been able to implement SHA-256 key derivation for system boot encryption (200 000 iterations). TrueCrypt has always supported only RIPEMD-160 for system partition encryption and this clearly needed an upgrade because of the aging RIPEMD-160 even if no public attack exists for it. Because of different limitations in the boot loader (code size, memory), this was not an easy task and we had to introduce optimizations and new bootloader management in the VeraCrypt formatting program in order to be able to support RIPEMD-160 and SHA-256 at the same time.

https://veracrypt.codeplex.com/discussi ... nt_1313325

Quote:
Starting from version 1.0f, VeraCrypt can load TrueCrypt volumes.

https://veracrypt.codeplex.com/


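An added example (not part of the forum posts and not VeraCrypt's code) for the iteration counts named in the quoted text, 1000 versus 10000 and 200 000: PBKDF2 written out so that the per-guess cost is visible, checked against Python's hashlib. It uses HMAC-SHA256 for every count, and the password and salt are constructed sample values.

```python
import hashlib
import hmac
import time

# Constructed sample inputs (not taken from any real volume header).
PASSWORD = b"correct horse battery staple"
SALT = bytes(range(64))


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """PBKDF2 with HMAC-SHA256, written out so the iteration loop is visible."""
    out = b""
    block = 1
    while len(out) < dklen:
        # U_1 = HMAC(password, salt || 32-bit big-endian block index)
        u = hmac.digest(password, salt + block.to_bytes(4, "big"), "sha256")
        t = int.from_bytes(u, "big")
        # U_j = HMAC(password, U_{j-1}); the output block is the XOR of all U_j,
        # so every extra iteration is one more HMAC an attacker must also compute.
        for _ in range(iterations - 1):
            u = hmac.digest(password, u, "sha256")
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        block += 1
    return out[:dklen]


def hmac_calls_per_guess(iterations: int, dklen: int = 32) -> int:
    """HMAC evaluations needed to test one candidate password."""
    blocks = -(-dklen // 32)  # ceil(dklen / SHA-256 output size)
    return blocks * iterations


def seconds_per_guess(iterations: int, dklen: int = 32) -> float:
    """Wall-clock cost of one derivation using hashlib's C implementation."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", PASSWORD, SALT, iterations, dklen)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Iteration counts mentioned in the quoted text.
    for count in (1_000, 10_000, 200_000):
        print(f"{count:>7} iterations: {hmac_calls_per_guess(count):>7} HMACs, "
              f"{seconds_per_guess(count) * 1000:8.2f} ms per guess")
```

The cost scales linearly with the iteration count for the legitimate user and the attacker alike, which is why the count has to be raised as hardware gets faster.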
Posted: Mon 6 Jul 2015, 13:22
Many thanks for the tip, I've been looking for a successor to TrueCrypt for a long time.

Posted: Sat 5 Dec 2015, 13:15
VeraCrypt is also being actively developed further, and security vulnerabilities are being removed.
https://veracrypt.codeplex.com/wikipage ... se%20Notes

The current version is 1.16

