Number:IRCNE2014042157
Date: 2014-04-12
According to “zdnet”, iOS and OS X users can breathe a sigh of relief with the knowledge that their devices are not affected by the catastrophic OpenSSL Heartbleed security flaw — but if they're using BBM for really private messages on iOS they might want to stop right now.
"Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key web-based services were not affected," Apple told Re/code.
Apple uses different SSL/TLS libraries called SecureTransport, which was hit by its own very serious bug in February — though it wasn't quite as dangerous as Heartbleed.
BlackBerry has now confirmed that several of its products, including BBM for iOS and Android were affected by the Heartbleed. BBM has about 80 million users.
Other BlackBerry products affected include its rival to Samsung's Knox, Secure Work Space for iOS and Android, and BlackBerry Link for Windows and Mac OS.
BlackBerry doesn't have a patch for any of the products yet, but worse yet there are "no mitigations" for the vulnerability in BBM or Secure Work Spaces.
BlackBerry's core products including BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 were not affected, it said.
However, cloud giant Amazon confirmed it was affected, which has had an impact on anyone that used ELB, EC2, OpsWorks, Elastic Beanstalk, and CloudFront.
Mozilla announced on Wednesday that its federated identity authentication project, Persona, and Firefox Account were affected by Heartbleed. Their servers ran in AWS while encrypted TLS connections terminated on AWS ELB using OpenSSL.
- 4