Number:IRCNE2014042158
Date: 2014-04-12
According to “zdnet”, client-side applications can be vulnerable too, not just servers — particularly those running on Android 4.1.x.
Google yesterday confirmed Android 4.1.1, Jelly Bean, was affected by the flaw and it was developing a patch and distributing it to Android partners.
It's not clear how many Android 4.1.1 devices exist but according to Google's Android distribution dashboard 4.1.x accounts for about 35 percent of all Android devices.More than one-third of operational Android devices are still running version 4.1.x, Williams said.
Unlike most Linux distributions, which the researchers praised for issuing OpenSSL patches promptly, they were scathing of Android for the availability of patches being "a little bit less than desired", as Williams put it.
Lyne warned that criminals are starting to take advantage of Heartbleed's high media profile.
"Through today, the cyber criminals really wised up to the fact that this was an interesting topic for the mainstream media, beyond being an interesting bug. So we've started seeing lots of spam messages about Heartbleed being used as a mechanism to distribute other malicious code and scams." he said.
- 4