By now, most folks are likely getting tired of hearing about the OpenSSL Heartbleed vulnerability but it's an insanely important thing to address and chances are we're going to be hearing about it for quite some time now as companies get their software, services, websites, apps and more in the clear of the issue entirely.
I've not noticed a lot of concerned BlackBerry users but if you are among those wondering how BlackBerry is handling it and what, if any, software or services were affected by it we now have a full knowledge base article from BlackBerry covering it.
BlackBerry is currently investigating the customer impact of the recently announced OpenSSL vulnerability. BlackBerry customers can rest assured that while BlackBerry continues to investigate, we have determined that BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 are not affected and are fully protected from the OpenSSL issue. A list of known affected and unaffected products is supplied in this notice, and may be updated as we complete our investigation.
The OpenSSL heartbeat extension read overflow is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows an attacker to steal the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. This issue was addressed in OpenSSL 1.0.1g and a fix is available for integration into affected BlackBerry products. The vulnerability is detailed in CVE-2014-0160.
Further investigation into affected products is ongoing, and BlackBerry is working to determine the full impact of the issue and confirm the best approach for protecting customers. As fixes become available, this notice will be updated.
Affected Software
- BBM for iOS and Android - There are no mitigations for this vulnerability, however the vulnerability is non-trivial to exploit.
- Secure Work Space for iOS and Android - There are no mitigations for this vulnerability for Secure Work Space for iOS and Android.
- BlackBerry Link for Windows - This issue is mitigated for BlackBerry Link for Mac OS and BlackBerry Link for Windows due to the fact that, typically, these systems are not visible to the Internet and external traffic is sent via a proxy in a business environment. This significantly raises the difficulty of exploiting these systems. BlackBerry Link customers can employ their firewall system to filter out heartbeat requests.
- BlackBerry Link for Mac OS - This issue is mitigated for BlackBerry Link for Mac OS and BlackBerry Link for Windows due to the fact that, typically, these systems are not visible to the Internet and external traffic is sent via a proxy in a business environment. This significantly raises the difficulty of exploiting these systems. BlackBerry Link customers can employ their firewall system to filter out heartbeat requests.
Non-Affected Software
- BlackBerry Enterprise Service 10
- BlackBerry Enterprise Server 5
- BlackBerry Universal Device Server
- BlackBerry® 10 OS
- BlackBerry® 7.1 OS and earlier
- BBM for BlackBerry smartphones
BlackBerry smartphones are NOT affected by this issue and BlackBerry notes, as the investigations into the affected offerings continues the knowledge base article will be updated accordingly. If you're looking for more info, you can hit the source link to view the entire knowledge base article on the matter.
To be clear though, just because smartphones are unaffected that doesn't instantly mean everything is in the clear. If you're concerned, you should be checking with developers and vendors and resetting your passwords where and when advised to do so.
Read more
How Go Talk intends to be the BlackBerry of mobile carriers
Identity theft often goes through an unexpected route: conning the carrier. Go Talk Wireless wants to stamp out SIM swap fraud at the source.
Could AphyOS be the BlackBerry 10 successor we’ve been waiting for?
I met with representatives of Apostrophy at CES and received a first look at AphyOS — a new privacy-focused, subscription-based mobile OS that is expected launch later this year.
The Apple Watch Ultra is perfect for more than just fitness buffs
The Apple Watch Ultra is positioned as a smartwatch in a class of its own among Apple's smartwatch lineup, and it's in a class of its own amongst all smartwatches. Here's why we love it!
CrackBerry website migration happening this Saturday - DONE
Today is 2/22/22, which has put the number TWO in my head and made me realize it has been a minute or two since I've updated everyone on CrackBerry 2.0 relaunch progress. To fix that, here's an update starting with two exciting things happening this Saturday: 1. CrackBerry Turns 15! February 26, 2022 marks 15 years since CrackBerry.com officially launched. Seriously, where does the...