BlackBerry was initially quick to issue their response to the OpenSSL Heartbleed vulnerability now it looks like they will be patching this via an update on Secure Work Space and BBM by Friday.
For those unfamiliar with the OpenSSL Heartbleed security threat:
The OpenSSL heartbeat extension read overflow is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows an attacker to steal the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. This issue was addressed in OpenSSL 1.0.1g and a fix is available for integration into affected BlackBerry products. The vulnerability is detailed in CVE-2014-0160.
As far as this vulnerability getting patched for BlackBerry software:
“The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.
“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.- Reuters
Update: Just wanted to point out that this patch will be for iOS and Android only. BlackBerry devices don’t use an open SSL for their native apps.
BlackBerry continues to make their software a great built-in security model that other companies fail to make a priority.