The Heartbleed flaw is the topic capturing the most media attention in this period: billions of users worldwide have been impacted, and thousands of solutions are affected by the vulnerability. Just yesterday I wrote about the impact of the Heartbleed vulnerability publicly disclosed by two IT giants, Cisco and BlackBerry, which informed their customers that different solutions are affected by the threatening flaw. As reported by many sources, Heartbleed also has a significant impact on mobile users, who are unaware of the looming threat. Numerous servers were exposed to serious risks due to the Heartbleed flaw, and the same servers are accessed by mobile users, enlarging the surface of exposure caused by the flaw in the OpenSSL library.
Let’s consider the Android platform. Google issued a specific blog post to reassure its users, highlighting that Android OS was not vulnerable to the Heartbleed bug, except for a single version, as explained in the following statement:
“Android – All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners). We will continue working closely with the security research and open source communities, as doing so is one of the best ways we know to keep our users safe.”
But the version mentioned by Google, Android 4.1.1 Jelly Bean, is probably the most widespread version today (34.4% of Android devices, which means that at least 344 million mobile devices suffer from the vulnerability), and it uses the vulnerable version of OpenSSL.
Are you an Apple user?
“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected,” an Apple spokesperson told Re/code.
Anyway, according to the company, neither BlackBerry smartphones nor the BlackBerry infrastructure are affected by the flaw. According to the security portal TheHackerNews, the overall number of affected users is nearly 80 million people, exactly the number of BlackBerry Messenger service users.
(Security Affairs – Heartbleed, mobile)