iOS / OS X Free from Heartbleed Bug, BBM App Remains Vulnerable

According to ZDNet’s latest report, iOS and OS X devices aren’t affected by the Heartbleed bug, but BlackBerry’s BBM app for iOS and Android remains vulnerable. Yesterday, Apple officially confirmed that in addition to iOS and OS X, its key web services were also not affected by the Heartbleed security bug.

Earlier this week, security researchers discovered a critical vulnerability in recent versions of OpenSSL, which allows an attacker to retrieve many 64k chunks of memory, exposing private and critical information like passwords and encryption information. In contrast to Apple, however, BlackBerry has today confirmed that several of its products, including BBM for iOS and Android, were affected by Heartbleed. Other BlackBerry products affected include Secure Work Space for iOS and Android and BlackBerry Link for Windows and Mac OS.

“BlackBerry doesn’t have a patch for any of the products yet, but worse yet there are “no mitigations” for the vulnerability in BBM or Secure Work Spaces. However, BlackBerry noted the flaw is “non-trivial” to exploit. Still, users might be wise to err on the side of caution and avoid the apps if they can until the company has a patch.”

BlackBerry has also noted that its core products, including BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10, were not affected.

We once again strongly encourage users to change their online passwords on sites which have any personal or payment information.

“Technology runs through my veins...” | Follow me: @DrUsmanQ usman@iPhoneinCanada.ca

  • Ron Miller

    Be careful saying that iOS / OSX devices aren’t affected. It is true that the bug is not local to the device. However, if an iOS or OSX device talks to a server with the vulnerability (of which there were MANY of them), then secure information could still have been compromised. For example, if website bankxxx.com was using a server with the bug, and an iOS device logged into that website, it is theoretically possible that someone could have “pinged” the server and retrieved the password.