BlackBerry today released an update to its BlackBerry Enterprise Service (BES) 10 software designed to address a "Heartbleed"-related OpenSSL vulnerability in the version of Apache Tomcat used within the BES BlackBerry Work Connect Notification Service.
BlackBerry first announced that it was investigating the implications of the Heartbleed vulnerability on BlackBerry products on April 10. The related BES flaw "could have allowed a potentially malicious user to obtain sensitive information," according to BlackBerry.
Any organization running BES 10 version 10.1.1, 10.1.2, 10.1.3, 10.2.0, 10.2.1 or 10.2.2 should apply the security patch immediately, according to BlackBerry
BES 10 version 10.2.2 Security Update 04221014 is available on the company's software downloads page. The release notes for the security update can be found here.
Sign up for Computerworld eNewsletters.