After the news doing rounds that the heartbleed vulnerability existed for two years, everybody is having a look into their systems. The OpenSSL bug came as a shock to the industry as the exploit in the system went unnoticed for a long period. Since it had affected Https (Hyper Text Transfer Protocol Secure) secured websites it was ought to have a secured data leak. However the damage is not yet known.
Google recently on its blog posted an article by Matthew O’Connor, Product Manager to address the issue. He had in the blog posted the various steps taken by Google against the Heartbleed bug. For Android users he has mentioned that all the versions of OS except one is safe from the threat.
Android Jelly Bean version 4.1.1 devices are vulnerable to the heartbleed bug. Still there should be many devices with the users running on Android Jelly Bean 4.1.1. Many cheap Android handsets manufacture devices in small numbers. Their target is to sell devices at cheap rates and they are not interested in pushing the OS updates for their devices.
Statistically it is seen that Google Android Jelly Bean 4.1.X exists on atleast 34% devices. Jelly Bean came in two versions 4.1.1 and an update of 4.1.2 which was released on 9th October 2012. So it is really not possible to track the exact number of the Android 4.1.1 users.
Matthew O’Connor, Product Manager wrote :
“Android: All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners). We will continue working closely with the security research and open source communities, as doing so is one of the best ways we know to keep our users safe.”