BlackBerry Releases BES 10 Security Update to Address 'Heartbleed' Flaw

BlackBerry's BES 10 software was updated on Tuesday to fix a security issue related to the "Heartbleed" OpenSSL vulnerability.

BlackBerry today released an update to its BlackBerry Enterprise Service (BES) 10 software designed to address a "Heartbleed"-related OpenSSL vulnerability in the version of Apache Tomcat used within the BES BlackBerry Work Connect Notification Service. (A detailed breakdown of the vulnerability is available on NIST.gov.)

Heartbleed bleeding heart

BlackBerry first announced that it was investigating the implications of the Heartbleed vulnerability on BlackBerry products on April 10. The related BES flaw "could have allowed a potentially malicious user to obtain sensitive information," according to BlackBerry.

Any organization running BES 10 version 10.1.1, 10.1.2, 10.1.3, 10.2.0, 10.2.1 or 10.2.2 should apply the security patch immediately, according to BlackBerry

BES 10 version 10.2.2 Security Update 04221014 is available on the company's software downloads page. The release notes for the security update can be found here.

AS

Al Sacco covers Mobile and Wireless for CIO.com. Follow Al on Twitter @ASacco. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Download the CIO October 2016 Digital Magazine
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.