Android 4.4.1 Jelly Bean vulnerable to Heartbleed, fix issued


Google has revealed that its Android 4.1.1 Jelly Bean OS released in 2012 is particularly vulnerable to the Heartbleed bug and has issued a fix.


The search engine giant issued a statement earlier this month outlining the Android 4.1.1 Jelly Bean risks and has now created a fix to protect users with smartphone incapable of running more recent mobile OS versions.


However, the patch hasn’t been pushed out to devices yet, meaning users are still at risk of having their personal data stolen by the Heartbleed bug.


Google’s statistics show that less than 10 per cent of Android devices still run Android 4.1.1 Jelly Bean, but seeing as the total number of Android users is around the 1 billion mark that is still a significant number.


If you can, we advise you update your device to a more recent version of Android, but if you’re at your limit you’ll have to wait for the fix.


Smartphone that are unable to go beyond Android 4.1.1 Jelly Bean include the HTC One S, Sony Xperia J and Asus PadFone 2, which were only released last year.


“Privacy and security are important to HTC and we are committed to helping safeguard our customers’ devices and data,” said HTC. “We are currently working to implement the security patch issued by Google this week to the small number of older devices that are on Android 4.1.1.”


Asus added that its device range can “expect an update imminently”, but couldn’t provide specific dates.


Android 4.1.1 Jelly Bean aside, security firms are warning that hundreds of apps accessible via the Google Play and iOS App Stores are still awaiting fixes. These include Blackberry’s cross-platform messaging app BBM.


BlackBerry has said it will not be releasing a patch for the issues until Friday April 19, but reassured users that the risk of hackers using Heartbleed to pinch your data is “extremely small”.


Read more: Best mobile phones 2014


Via: BBC