Heartbleed has made a terrible impression worldwide, affecting millions of websites, and is also believed to put millions of smartphone and tablet users at great risk.
Heartbleed is a critical bug (CVE-2014-0160) in the popular OpenSSL cryptographic software library. It resides in OpenSSL's implementation of the TLS/DTLS heartbeat extension and allows attackers to read portions of the affected server's memory, potentially revealing user data that the server did not intend to reveal, such as usernames, passwords, and credit card numbers.
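
The class of defect behind this memory over-read, shown as an added example that is not OpenSSL's code and not part of the original article: a simplified C model of a heartbeat handler that trusts the length field sent by the peer, beside a version that checks it against the record actually received. The function names, the simplified message layout and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified RFC 6520 heartbeat: type(1) | payload_length(2) | payload |
 * padding(>=16). Names are hypothetical; replies omit padding for brevity. */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Constructed sample: the array stands in for process memory. The 3-byte
 * record claims 14 payload bytes but carries none; unrelated data follows. */
static const uint8_t demo_mem[] = { HB_REQUEST, 0x00, 0x0e,
    's','e','s','s','i','o','n','=','s','3','c','r','3','t' };
/* Constructed well-formed request: 4-byte payload, 16 zero padding bytes. */
static const uint8_t ok_req[23] = { HB_REQUEST, 0x00, 0x04, 'p','i','n','g' };

static size_t build_reply(const uint8_t *rec, size_t n, uint8_t *out, size_t cap)
{
    if (3 + n > cap) return 0;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, n);              /* echo n payload bytes back */
    return 3 + n;
}

/* Flawed: trusts the peer's payload_length and never consults rec_len. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    (void)rec_len;
    if (rec[0] != HB_REQUEST) return 0;
    return build_reply(rec, ((size_t)rec[1] << 8) | rec[2], out, cap);
}

/* Hardened: the claimed length must fit inside the record actually received. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t n = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + n + HB_PADDING > rec_len) return 0;   /* discard silently */
    return build_reply(rec, n, out, cap);
}

int main(void)
{
    uint8_t out[64];
    printf("short record: unchecked=%zu checked=%zu\n",
           hb_reply_unchecked(demo_mem, 3, out, sizeof out),
           hb_reply_checked(demo_mem, 3, out, sizeof out));
    printf("well-formed:  checked=%zu\n", hb_reply_checked(ok_req, sizeof ok_req, out, sizeof out));
}
```

The unchecked handler answers the 3-byte record with 17 bytes, 14 of which come from the data that merely sits next to it in memory; the checked handler discards that record and still answers the well-formed one.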
OpenSSL is a widely used cryptographic library that implements the SSL and TLS protocols and protects communications on the Internet. Almost every website uses either SSL or TLS, and even the Apache web server, which powers almost half of the websites on the Internet, utilizes OpenSSL.
But it would be wrong to assume that only users visiting websites with desktop browsers are exposed to the Heartbleed bug. Some 40-60 billion active smartphone applications may be sharing some of those same servers, or connecting to their own groups of servers that may also be compromised.
ANDROID
In an update on its Online Security blog on Wednesday, Google emphasized that Android was not vulnerable to the Heartbleed bug, except for one very specific version. Can you guess that so-called specific version?
Android 4.1.1 Jelly Bean, the one which makes up the majority of Android devices around the world, and which relies on the vulnerable version of OpenSSL.
Google didn't reveal the actual number of devices that are vulnerable to the bug, but according to the latest dashboard released by Google, it is estimated that around 34.4% of the Android devices in use today are running the Android 4.1.x version.
Last September, Google announced that it had activated one billion devices. This means that the minimum number is likely to be in the millions. So one can imagine how many smartphones and tablets were at risk.
Google has released patches for Android 4.1.1, which are being distributed to the Android partners.
APPLE
Apple users can relax knowing that their devices running iOS and OS X are not affected by the most critical security flaw, Heartbleed.
"Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected," Apple told Re/code.
Instead of using OpenSSL, Apple relies on a different SSL/TLS library called Secure Transport, which was hit by its own very serious bug in February that opened up the possibility of man-in-the-middle (MitM) attacks, though it wasn't as dangerous as the recent OpenSSL Heartbleed security flaw.
Still, Apple users were not completely exempt, as those using BBM for private messages on iOS might have been vulnerable to this flaw.
BLACKBERRY
BlackBerry confirmed that some of its products, including Secure Work Space for iOS and Android, BlackBerry Link for Windows and Mac OS, and even BBM for iOS and Android, were vulnerable to the Heartbleed security flaw. The number of affected users is not small, as about 80 million people use the BBM service.
The company has also given assurance that BlackBerry smartphones and tablets, BlackBerry Enterprise Server 5, BlackBerry Enterprise Service 10, and the BlackBerry Infrastructure are not affected by the flaw and are fully protected.