Protecting Vulnerable Clients from Reverse-Heartbleed


Protecting Vulnerable Clients from Reverse-Heartbleed ‹ Palo Alto Networks Blog.

At first glance, a “Reverse-Heartbleed” sure sounds a whole lot less painful than a “Heartbleed”, but if you or your organization use mobile devices for accessing potentially sensitive information, you’ll want to read this article to understand the risks and how hackers are still making the most of this popular vulnerability.

In a nutshell,  a reverse-heartbleed attack exploits the heartbleed vulnerability, a flaw in some versions of OpenSSL, to read your phone or tablet’s memory and copy it to a remote server, meaning it’s got a better chance of capturing your personal or sensitive information and giving it to the “bad guys”.  As noted in this article, Android devices running version 4.1.1 of the operating system are particularly vulnerable. Read this article from Palo Alto Networks for more details and specifics about how this kind of attack works.