“iOS and OS X users can breathe a sigh of relief with the knowledge that their devices are not affected by the catastrophic OpenSSL Heartbleed security flaw — but if they’re using BBM for really private messages on iOS they might want to stop right now,” Liam Tung reports for ZDNet.
“Apple products don’t suffer from the bug that has prompted a fair chunk of the internet to race out patches to fix web servers, security hardware, routers and other products that relied on the OpenSSL implementation of the SSL/TLS standard for secured web communications,” Tung reports. “Heartbleed puts at risk pretty much anything that was protected by OpenSSL encryption, including passwords, private keys, and other sensitive details such as credit card details.”
“BlackBerry has now confirmed that several of its products, including BBM for iOS and Android were affected by the Heartbleed. BBM has about 80 million users,” Tung reports. “Other BlackBerry products affected include its rival to Samsung’s Knox, Secure Work Space for iOS and Android, and BlackBerry Link for Windows and Mac OS. BlackBerry doesn’t have a patch for any of the products yet, but worse yet there are “no mitigations” for the vulnerability in BBM or Secure Work Spaces… Google yesterday confirmed Android 4.1.1, Jelly Bean, was affected by the flaw and it was developing a patch and distributing it to Android partners… According to Google’s Android distribution dashboard 4.1.x accounts for about 35 percent of all Android devices.”
Read more in the full article here.
Related articles:
Apple on ‘Heartbleed’ bug: iPhone, iPad, Mac and iCloud unaffected – April 10, 2014
What to do about Heartbleed, a gaping security hole affecting 66 percent of the Internet (at least) – April 9, 2014