Android 4.1.1 Still Vulnerable to Heartbleed
While Google has applied patches to many of its top products in response to the Heartbleed bug, Android 4.1.1 is still vulnerable, according to the search giant.
In a blog post, Matthew O'Connor, a Google product manager, said the company has applied patches to "key Google services" such as Search, Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Earth."
He also said that "all versions of Android are immune" to the bug - except Android 4.1.1. "Patching information for Android 4.1.1 is being distributed to Android partners," O'Connor wrote.
About 34.4 percent of Android users are running some version of Android 4.1 (4.1.x), according to recent Google stats. But the company did not break out exactly how many are specifically on Android 4.1.1.
"We will continue working closely with the security research and open source communities, as doing so is one of the best ways to know how to keep our users safe," O'Connor wrote.
Meanwhile, BlackBerry is reportedly working to offer users a fix, telling Reuters on Sunday that it plans to release BBM Messaging software security updates for Android and iOS devices by Friday.
The Heartbleed bug was revealed early last week by a team of researchers from Google Security and Codenomicon. But it actually dates back to December 2011, when a German programmer accidentally release the bug via a harmless update.
That update, submitted at 11:50 p.m. on Dec. 31, 2011, enabled Heartbeat in OpenSSL, but also gave way to Heartbleed, which has laid bare encrypted data and opened the world's largest library of personal information to scammers. Robin Seggelmann, the programmer responsible for the bug, last week copped to his mistake, saying Heartbleed was not more than an "oversight."
0 comments:
Post a Comment