Android 4.1.1 Devices Dangerous To Heartbleed Bug, Says Google

Google has become the latest to join the ranks of the company who have issued public warnings about their products being vulnerable to exploitation because of the massively widespread Heartbleed bug. The company has said, users of all Android versions except specifically 4.1.1 are unaffected.

In a post titled Google Services Updated to Address OpenSSL CVE-2014-0160 (the Heartbleed bug, the search and online services giant added that ‘patching information’ for Android 4.1.1 is being distributed to device manufacturers and carriers, who are responsible for creating and issuing updates.
What is Heartbleed bug?

Heartbleed is a bug in the OpenSSL encryption framework used by Web servers to secure communications between themselves and the outside world. In early April, it was reported that attackers were able to retrieve information including sensitive encryption keys, user account details and message contents, from servers running the vulnerable version of OpenSSL.

Security workers have since demonstrated hacks that have resulted in retrieval of working encryption keys
Android version fragmentation is a common problem within the ecosystem, and millions of users could still be running version 4.1.1, also known by the codename Jelly Bean.

Version 4.1.1 was a minor update to 4.1 containing bug fixes related to specific devices. Version 4.1.2 was released less than three months later, potentially limiting the scope of the number of devices affected.

Google has admitted that its Web services Search, Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Earth were affected by Heartbleed but have now been patched. Other vulnerable websites included Dropbox, Facebook, Twitter, Tumblr, Yahoo, GoDaddy, and Amazon Web Services.

Leave a Reply

Your email address will not be published. Required fields are marked *