On April 7th, the Heartbleed bug was announced. Although Google patched its most popular services against the Heartbleed bug last week, a huge chunk of Android smartphones is still vulnerable to the security flaw.
Google assured Android owners in a blog post on April 9 that most versions are not affected by the flaw. However, the company added that a version called 4.1.1 Jelly Bean is a “limited exception.” The Heartbleed bug can trick a server into spilling out data from its memory. According to the most recent statistics from Google, Android 4.1 accounts for 34.4 percent of handsets powered by Android, but it’s unclear exactly how many are running the sub-version 4.1.1.
That version of Android was released in 2012 and is likely to be running on older Android smartphones that are updated less frequently than newer flagships. Though the company said that fewer than 10 percent of devices in use are vulnerable, Google spokesperson Christopher Katsaros confirmed that millions of devices, including some made by Samsung and HTC, still run 4.1.1 Jelly Bean.
The Heartbleed bug was discovered earlier this month by Google Security’s Neel Mehta and a team of engineers at Finnish security firm Codenomicon. The flaw affects a version of OpenSSL, an encryption standard used by a huge chunk of the Internet, and it can trick a server into copying information from its memory without realizing it.
It’s still unclear whether there is an immediate update to patch this bug. Google’s blog post says,
“Patching information for Android 4.1.1 is being distributed to Android partners.”
Verizon has told Bloomberg that it is “working with device manufacturers to test and deploy patches to any affected device on our network running Android 4.1.1.”
BlackBerry plans to release Heartbleed security updates for two of its products: BBM messaging for Android and Apple’s iOS, and its Secure Work Space corporate e-mail software.
Source: Yahoo News