If you’ve been online at some point in the last 36 hours, chances are you’ve heard of ‘Heartbleed’, a flaw in OpenSSL that has exposed data to theft on approximately 2/3 of servers in use around the globe over the past two years. It’s not known how bad the damage may be, but the revelation of the vulnerability sent server teams around the world scrambling to patch their systems. Among them: Google. In a posting today on the Google Online Security Blog, Google revealed that they had patched OpenSSL vulnerabilities in a number of their services.
We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine. Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services.
While those services are now secured and Android was not affected to begin with, users of the Google Cloud Platform and Google Search Appliance will have to manually update their devices. Additionally, Android 4.1.1 is somehow vulnerable to the Heartbleed exploit, while earlier and later versions of Android are not. Google is distributing patching information to their Android partners so those on version 4.1.1 can get a fix, but if your device is still on that old of an Android version, we wouldn’t cross our fingers for an update any time soon.