According to ZDNet’s latest report, iOS and OS X devices aren’t affected by the Heartbleed bug, but BlackBerry’s BBM app for iOS and Android remains vulnerable. Yesterday, Apple had officially confirmed that in addition to iOS and OS X, its key web services were also not affected by the Heartbleed security bug.
Earlier this week, security researchers had discovered a critical vulnerability in recent versions of OpenSSL, which allows an attacker to retrieve as many 64k chunks of memory, providing private and critical information like passwords and encryption information. In contrast to Apple however, BlackBerry has today confirmed that several of its products, including BBM for iOS and Android were affected by the Heartbleed. Other BlackBerry products affected include Secure Work Space for iOS and Android and BlackBerry Link for Windows and Mac OS.
“BlackBerry doesn’t have a patch for any of the products yet, but worse yet there are “no mitigations” for the vulnerability in BBM or Secure Work Spaces. However, BlackBerry noted the flaw is “non-trivial” to exploit. Still, users might be wise to err on the side of caution and avoid the apps if they can until the company has a patch.”
BlackBerry has also noted that its core products including BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 were not affected.
We once again strongly encourage users to change their online passwords on sites which have any personal or payment information.