MOUNTAIN VIEW, Calif., April 14 (UPI) -- More than a third of Android users on the Jelly Bean version of the OS are still waiting a patch for the Heartbleed bug, which was revealed last week.
While Google has patched and secured key services, such as Search, Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Earth, patching information for Android 4.1.1 is currently being distributed to Android partners.
This has potentially put a lot of people at risk of data theft. Additionally, security firms warn that hundreds of apps still need to be fixed.
"We will continue working closely with the security research and open source communities, as doing so is one of the best ways to know how to keep our users safe," wrote Google product manager Matthew O'Connor, in a blog post.
Blackberry said that it would release a fix by Friday for its popular BBM instant messaging software for iOS and Android, and that there was only a very small risk of hackers exploiting the bug to steal its customers' data.
A team of researchers from Finnish security firm Codenomicon and Google independently discovered Heartbleed. The bug gave hackers a chance to grab 63 KB of unencrypted data from the working memory of systems using vulnerable versions of OpenSSL. While this is a small amount of data, hackers could have repeated the process over and over again and gotten access to passwords and server certificate private keys.
[Google Blog Post] [BBC] [PC Mag]
