Android 50M vs Apple 0: Android More Affected by Heartbleed Bug?

By @peevesky on
TracBeam Sues Apple
TracBeam Sues Apple Reuters

The Heartbleed bug caused widespread concern when it was discovered earlier this April. Just as many websites were affected, the same goes for Android. According to recent reports, Android phone and apps may be more vulnerable to the threat compared to Apple. 

According to a report by The Guardian, approximately 50 million Android handsets are at risk of the OpenSSL bug. The data came from Google's announcements last April 9. According to the tech giant:

"All versions of Android are immune to CVE-2014-0160, with the limited exception of Android 4.1.1..." 

CVE-2014-0160 is the Heartbleed Bug. Chitka, an analytics firm, estimate that around 50 million smartphones are running Android 4.4.1 Jelly Bean. Around 4 million handsets in the United States may be affected or at risk of the bug. According to Chitka:

"Over that seven-day time period (April 7-13), Android 4.1.1 users generated 19 percent of total North American Android 4.1 Web traffic, with users of version 4.1.2 generating an 81 percent share." For a better understanding of the stats, Chitka reported earlier that Android 4.1 users accounted for 25.4% of Android web traffic for North America. This emphasizes the extent of damage or threat for Android. 

This does not apply to Apple. In early April, Apple clarified that the company's web-based services are far from Heartbleed vulnerability. However, the company did not mention that its 2013 Airport Extreme and Time Capsule are at risk. Fortunately, the company has released a patch for this. According to Apple: 

"An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue." 

Users running both programs should install the firmware update. 

Join the Discussion