BlackBerry Releases BES 10 Security Update to Address 'Heartbleed' Flaw

BlackBerry today released an update to its BlackBerry Enterprise Service (BES) 10 software designed to address a "Heartbleed"-related OpenSSL vulnerability in the version of Apache Tomcat used within the BES BlackBerry Work Connect Notification Service. (A detailed breakdown of the vulnerability is available on NIST.gov.)

BlackBerry first announced that it was investigating the implications of the Heartbleed vulnerability on BlackBerry products on April 10. The related BES flaw "could have allowed a potentially malicious user to obtain sensitive information," according to BlackBerry.

Any organization running BES 10 version 10.1.1, 10.1.2, 10.1.3, 10.2.0, 10.2.1 or 10.2.2 should apply the security patch immediately, according to BlackBerry

BES 10 version 10.2.2 Security Update 04221014 is available on the company's software downloads page. The release notes for the security update can be found here.

Al Sacco covers Mobile and Wireless for CIO.com. Follow Al on Twitter @ASacco. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.

Tags mobilesmartphonesBlackberrymobile applicationsconsumer electronicspatches

Show Comments