BlackBerry updates BES10 to address Heartbleed OpenSSL vulnerability
on 22 Apr 2014 02:00 pm EDT
The aftermath of the Heartbleed OpenSSL vulnerability continues to be cleaned up and as we noted previously, BlackBerry has been doing their own investigations into how their own services have been impacted. One measure taken to correct things was issuing an update to BES10 as reflected in their recent updates on the BlackBerry knowledge base surrounding the matter. The notes from the update are brief but outline the details of the affected services and what admins should expect when applying the update.
This is a minor update applicable only to the BlackBerry Work Connect Notification Service; a complete outage is not required before you apply the security software update. You only have to stop the BlackBerry Work Connect Notification Service, apply the security software update, and then start the BlackBerry Work Connect Notification Service. No database updates are
OpenSSL vulnerabilities existed in the version of Apache Tomcat that the BlackBerry Work Connect Notification Service used. These vulnerabilities could have allowed a potentially malicious user to obtain sensitive information. These issues are resolved by this interim security software update.
BlackBerry Enterprise Service 10 versions 10.1.1, 10.1.2, 10.1.3, 10.2.0, 10.2.1, 10.2.2
If you're looking for the full details, you can check out the BlackBerry Knowledge base website for the full run down of affected and unaffected software as well as any steps that should be taken to prevent any security issues. Additionally, the interim update can be downloaded directly from the BlackBerry downloads page as well.