BlackBerry today released an update to its BlackBerry Enterprise Service (BES) 10 software designed to address a "Heartbleed"-related OpenSSL vulnerability in the version of Apache Tomcat used within the BES BlackBerry Work Connect Notification Service. (A detailed breakdown of the vulnerability is available on NIST.gov.)
BlackBerry first announced that it was investigating the implications of the Heartbleed vulnerability on BlackBerry products on April 10. The related BES flaw "could have allowed a potentially malicious user to obtain sensitive information," according to BlackBerry.
Any organization running BES 10 version 10.1.1, 10.1.2, 10.1.3, 10.2.0, 10.2.1 or 10.2.2 should apply the security patch immediately, according to BlackBerry
BES 10 version 10.2.2 Security Update 04221014 is available on the company's software downloads page. The release notes for the security update can be found here.