The devices affected are those running under Android version 4.1.1, or “Jelly Bean”, according to a study carried out by the analytics firm Chitika, said British newspaper The Guardian. Apparently, the bug has been there for two years, but it only became public when the patch to counteract it was launched.
Devices running under that version of Google’s operating system will be vulnerable to an action described as “reverse Heartbleed,” by which a malware server could use the bug of the encryption system OpenSSL -the most popular online encryption system- to steal information from devices’ browsers.
“Reverse Heartbleed” could expose passwords and user activity. In theory, devices with previous versions of Android, those that aren’t being updated anymore, would also be vulnerable, but at Google they assured that less than 10% of the world’s active devices could have been affected by this bug.
Source: BlackBerry Vzla