News

Google: Android 4.1.1 devices vulnerable to Heartbleed bug

By on

After the widespread news about the Heartbleed bug that threatens the internet’s security, a lot of companies made public warnings to help customers protect themselves from its effects. Google is not an exception as the company warned Android 4.1.1?s product users for being vulnerable to Heartbleed bug.

In an official statement of Google posted on their official online security blog wrote:

“You may have heard of ?Heartbleed,? a flaw in OpenSSL that could allow the theft of data normally protected by SSL/TLS encryption. We?ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Earth. Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services. We regularly and proactively look for vulnerabilities like this — and encourage others to report them — so that that we can fix software flaws before they are exploited,” Google said.

If you are a Google Cloud Platform or Google Search Appliance customer, or don?t use the latest version of Android,” the company through Matthew O’Connor, Product Manager added.

In a blog post entitled ?Google Services Updated to Address OpenSSL CVE-2014-0160 (the Heartbleed bug)?, Google said that all versions of Android are immune to CVE-2014-0160 with the limited exception of Android 4.1.1 and that they?ve been patching information for Android 4.1.1 to Android partners.

The Codenomicon team who discovered the bug explained, ?The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.?

Android 4.1.1 is Android 4.1’s July 2012 revision. Android is the world’s most popular mobile platform. It powers hundreds of millions of mobile devices in more than 190 countries around the world. ?It’s the largest installed base of any mobile platform and growing fast?every day another million users power up their Android devices for the first time and start looking for apps, games, and other digital content. Android gives you a world-class platform for creating apps and games for Android users everywhere, as well as an open marketplace for distributing to them instantly,? Android Developer said.

With this vulnerability of Android 4.1.1 to Heartbleed bug, Google said, ?We will continue working closely with the security research and open source communities, as doing so is one of the best ways we know to keep our users safe.

(Photo courtesy of http://developer.android.com/index.html)

About the author

To Top