Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support

Send a message

Your tickets

Profile

Heartbleed

CVE-2014-0160

Heartbleed is a vulnerability in the OpenSSL library of Google Android that theoretically enables cybercriminals to get access to the information protected by the SSL/TLS encryption methods.

Dr.Web anti-virus for Android detects and removes malicious programs that use the Heartbleed vulnerability just after the beginning of the installation process. Thus, Dr.Web users are effectively protected from such Trojans.

Technical details

The Heartbleed vulnerability (CVE-2014-0160) is caused by the error in the system library /system/lib/libssl.so. This vulnerability exists on Google Android devices that use the following versions of this library: 1.0.1a, 1.0.1b, 1.0.1c, 1.0.1d, 1.0.1e, 1.0.1f, 1.0.2-beta1.

Technical implementation of this vulnerability is based on the OpenSSL library’s incorrect processing of the Heartbeat packages. Due to this, the application attacking the system can use specifically formed requests to get access to 64 KB memory of the system process with which the encrypted secure connection is established. Memory leak occurs because of the absence of buffer overflow check in heartbeat TLS extension’s implementation (RFC 6520). As a result, by modifying the request, cybercriminals can successively read the process’s memory contents. In this memory sector, passwords, session IDs, or private keys can be stored. Cybercriminals can extract these data and use it for their future attacks.

See also information about other vulnerabilities

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2018

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040