Google ties Heartbleed tourniquet to most key services

Google Heartbleed
All clear for Google services

It's likely to be a long week for IT professionals dealing with the aftermath of Heartbleed, the OpenSSL security flaw discovered earlier this week - but team Google appears to have a good handle on it for now.

The Google Online Security Blog announced patches to many key Google services affected by Heartbleed, the security bug discovered April 7 that potentially allows for theft of data typically protected by SSL/TLS encryption.

"We've assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine. Google Chrome and Chrome OS are not affected," explained Google Product Manager Matthew O'Connor in the post.

The company's security experts are still working to patch "some other Google services" affected by CVE-2014-0160, the official name for the OpenSSL flaw which has been dubbed "Heartbleed."

Android immunity

Google's security team also made it clear that the Android operating system is largely immune to Heartbleed, with the exception of Android 4.1.1, although the company is already distributing a patch to partners for that version.

Google Cloud Platform and Google Search Appliance customers are also having Heartbleed purged from their services, with an update on the latter expected to arrive within 24 hours for enterprise customers.

Security engineers are also currently busy patching Cloud SQL, with fixes expected to roll out today and tomorrow; in the meantime, Google has posted instructions on how to whitelist IP addresses to prevent unknown hosts from accessing them.

Although many companies are encouraging users to reset their passwords, security experts recommend waiting until fixes are in place to eradicate the Heartbleed flaw. The status of any domain name can be checked absolutely free from the Qualys SSL Labs website.

TOPICS
Latest in Pro
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
European Union technical background
EU tech companies push for digital sovereignty, reducing reliance on US and others
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
Adobe Summit 2025
Adobe Summit 2025 - all the news and updates as it happens
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments