oss-sec mailing list archives
Re: Heartbleed, clients and Android
From: Eric Lacombe <goretux () gmail com>
Date: Wed, 09 Apr 2014 23:45:44 +0200
Hi,

On Wednesday 9 April 2014 12:21:29, Hanno Böck wrote: [...]
> Because the latter would include Android. We are all pretty aware that Android updates are in large parts nonexistent.
>
> I don't have much clue about Android, but I think I heard heartbeat was disabled in Android, but I don't have a link right now. Also, I'm unsure what actually uses libssl in Android and what uses NSS.
>
> Seems Android disabled Heartbeat in 2012:
> https://android.googlesource.com/platform/external/openssl.git/+/android-4.1.2_r1
>
> Still leaves some Android versions as potentially vulnerable.
A recent post from the Google security blog:
http://googleonlinesecurity.blogspot.fr/2014/04/google-services-updated-to-address.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleOnlineSecurityBlog+(Google+Online+Security+Blog)

Regards,
Eric