By now, most folks are likely getting tired of hearing about the OpenSSL Heartbleed vulnerability, but it's an insanely important thing to address, and chances are we're going to be hearing about it for quite some time as companies get their software, services, websites, apps and more in the clear of the issue entirely.
I've not noticed a lot of concerned BlackBerry users, but if you are among those wondering how BlackBerry is handling it and what, if any, software or services were affected by it, we now have a full knowledge base article from BlackBerry covering it.
BlackBerry is currently investigating the customer impact of the recently announced OpenSSL vulnerability. BlackBerry customers can rest assured that while BlackBerry continues to investigate, we have determined that BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 are not affected and are fully protected from the OpenSSL issue. A list of known affected and unaffected products is supplied in this notice, and may be updated as we complete our investigation.
The OpenSSL heartbeat extension read overflow is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows an attacker to steal the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. This issue was addressed in OpenSSL 1.0.1g and a fix is available for integration into affected BlackBerry products. The vulnerability is detailed in CVE-2014-0160.
Further investigation into affected products is ongoing, and BlackBerry is working to determine the full impact of the issue and confirm the best approach for protecting customers. As fixes become available, this notice will be updated.
BlackBerry smartphones are NOT affected by this issue, and BlackBerry notes that as the investigations into the affected offerings continue, the knowledge base article will be updated accordingly. If you're looking for more info, you can hit the source link to view the entire knowledge base article on the matter.
To be clear, though, just because smartphones are unaffected, that doesn't instantly mean everything is in the clear. If you're concerned, you should be checking with developers and vendors and resetting your passwords where and when advised to do so.