updated 02:57 pm EDT, Wed April 9, 2014
Android 4.1.1 vulnerable, device manufacturers informed
In the wake of the disclosure of the OpenSSL "Heartbleed" bug, search engine Google has patched its systems to counter the day-zero flaw. While noting that Google Chrome and ChromeOS aren't affected, the search engine behemoth has fixed any issues with Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine.
Specialty services that Google provides need some care by the user to guarantee security. Customers of CloudSQL should use whitelisting to ensure that only known hosts can access instances. Customers need to manually update OpenSSL on each running instance of the Google Compute Engine, then follow with a reboot. Google Search Appliance customers have yet to see a patch.
Most of Google's Android OS devices are safe from the flaw, with the exception of those running Android 4.1.1 (roughly a third of all active users, according to Google). Patching information is being provided to developers and distributors of Android 4.1.1 hardware, with security being the responsibility of the partner. The Samsung Galaxy SIII smartphone is a device commonly associated with Android 4.1.1.