Google has announced that it has fixed several of its services that were vulnerable to the Heartbleed vulnerability in OpenSSL. “You may have heard of ‘Heartbleed,’ a flaw in OpenSSL that could allow the theft of data normally protected by SSL/TLS encryption,” blogged Google product manager Matthew O’Connor. “We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine. Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services.”
The other Google services still waiting for patches include Google Cloud SQL, Google Compute Engine and Google Search Appliances. Users running Android 4.1.1 are also vulnerable and should upgrade to a newer version of Android if possible.