Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab

Ellen Messmer | April 16, 2014
The flawed OpenSSL Heartbleed problem is putting many security firms in the hot seat.

McAfee also notes it may have more announcements to make about vulnerable products in the future. But for now, it's not naming them because of concerns about possible attacks.

"The safety of our customers is always our first priority," McAfee said in a prepared statement. "McAfee is following a set methodology that evaluates vulnerabilities and potential vulnerabilities, and then helps impacted customers fix those vulnerabilities before making the details public. Going public with details without protecting our customers would make them vulnerable to attacks."

Kaspersky Lab is is also coping with Heartbleed. Kaspersky says the fixed web services it was using were vulnerable to Heartbleed, and Kaspersky also says it has already developed a "special fix which is already being delivered for technical support" for its enterprise products Kaspersky Security Center and Kaspersky Security Center MR1.

Consumer versions of the company's anti-malware software also use OpenSSL but a Kaspersky spokesman says it did determine these "can't be affected due to the Heartbleed vulnerability." However, Kaspersky says it does intend to issue Heartbleed-related patches for Kaspersky Internet Security 2014, Kaspersky Internet Security 2013, Kaspersky Pure 3.0 and Kaspersky Internet Security for Mac as a precaution in the coming weeks.

Kaspersky downplayed the threat posed by the Heartbleed Bug, saying its specialists conducted tests to see whether exploitation of the Heartbleed vulnerability could lead to data being compromised and "no such scenarios were detected. The security firm is "also not aware of any in-the-wild malware samples exploiting this vulnerability that could be used to target the company's products or web services."

Kaspersky offered assurances to its customers that it believes "no data has been compromised as a result of Heartbleed OpenSSL library vulnerability used by Kaspersky Lab products and services."


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.