1. athomas917's Avatar
    Don't think for a minute that at just happened to listen to all the nice tweets they got from us. There was a real security issue at hand with the outdated OS that they had to address.

    Looking forward to 10.3 in 2019

    Sent from my Nexus 7 using CB Forums mobile app
    valleyag likes this.
    04-15-14 08:58 PM
  2. eddy_berry's Avatar
    There was? What was it?
    04-15-14 09:07 PM
  3. mkozak's Avatar
    There was? What was it?
    AT&T was still using 10.1 which had an unpatched buffer overflow vulnerability. I got excited when I saw this article, AT&T was going to have to finally push out 10.2.1.

    BlackBerry patches buffer overflow vulnerability discovered in BlackBerry OS 10.1 | CrackBerry.com
    04-15-14 09:34 PM
  4. The Big Picture's Avatar
    Good catch guys. So these are the things it takes for these people to get a move on.

    The potential from being sued by a throng of people!

    Q10SQN100-3/10.2.1.2228, Z30, Z10, iP5, SGS3
    kbz1960 likes this.
    04-15-14 09:54 PM
  5. iserranov's Avatar
    ATT, so useless. To bad i'm still stuck with them
    04-15-14 09:59 PM
  6. eddy_berry's Avatar
    Oh so if 10.1 had no security issue you guys would still be on it? That sucks.
    kbz1960 likes this.
    04-15-14 10:19 PM
  7. donmateo's Avatar
    Heart bleed vulnerability. Probably grounds for a lawsuit despite the contract as it can compromise private information. Hopefully they'll be quicker since 10.3 is right around the corner.

    Posted via CB10
    04-15-14 10:30 PM
  8. mparker's Avatar
    Maybe I'm wrong, but I don't think 10.2.1 has the heartbleed fix. Hopefully this means we'll get the next version promptly.
    04-16-14 08:33 AM
  9. gokulesh's Avatar
    Maybe I'm wrong, but I don't think 10.2.1 has the heartbleed fix. Hopefully this means we'll get the next version promptly.
    I believe you are incorrect. Heart bleed was eliminated since 10.2 (or even 10.1MR?) in BlackBerry. Someone can confirm.

    Posted via CB10
    04-16-14 08:53 AM
  10. bruce73's Avatar
    I believe you are incorrect. Heart bleed was eliminated since 10.2 (or even 10.1MR?) in BlackBerry. Someone can confirm.

    Posted via CB10
    Yes, that's my understanding as well.
    04-16-14 09:12 AM
  11. mparker's Avatar
    I believe you are incorrect. Heart bleed was eliminated since 10.2 (or even 10.1MR?) in BlackBerry. Someone can confirm.
    How was it eliminated? Heartbleed was only discovered a few weeks ago.
    04-16-14 09:28 AM
  12. mnmikeinsc's Avatar
    Not to play semantics but "discovered" might not be the correct word. Perhaps "published" or "released" would be better. I believe the heartbleed threat was known of for some time - it was only brought into the light recently.
    kbz1960 and BerryRipe like this.
    04-16-14 09:34 AM
  13. kbz1960's Avatar
    How was it eliminated? Heartbleed was only discovered a few weeks ago.
    No it's only been talked about for the last couple weeks.
    04-16-14 09:36 AM
  14. mparker's Avatar
    No it's only been talked about for the last couple weeks.
    I think you're thinking of a different bug.

    The discovery of the heartbeat bug was revealed by Google on Apr 1 of this year, though they found and fixed it a few days earlier (Mar 21) - http://en.wikipedia.org/wiki/Heartbleed#Discovery.

    Talk about it being "known" of before this is just speculation; there's lots of theories about the NSA, but there was no public knowledge of the existence of this bug before Apr 1, which is why everybody except Microsoft are scrambling now to fix the security hole.

    Hence my question - how could 10.1MR or even 10.2.1 - which was signed, sealed, and delivered to everybody but AT&T customers long before this bug was publicly discovered - have the fix? There are ways - they could have switched to a different SSL library, unaware of the extant bug in OpenSSL. But I haven't heard that they did any such thing.
    04-16-14 10:01 AM
  15. Dave Bourque's Avatar
    They aren't affected by the heart bleed bug because they aren't going to use open source insecure software... openssl isn't being used by BlackBerry with exception of iOS and Android BBM.

    Z10STL100-3/10.2.1.2141
    04-16-14 10:28 AM
  16. VictorRight's Avatar
    My new sent emails (since updating att 10.2) are disappearing even though in Settings Displays & Actions has the Show the Sent Messages to on. What can I do? As soon as I send one message it shows the check mark next to the message and a second later it disappears.

    Posted via CB10
    04-16-14 01:26 PM
  17. VictorRight's Avatar
    Working! In BlackBerry Hub settings then Display & Actions then Email accounts then Edit accounts I prompted yes to Append Messages to Sent folder. Works now. Never had this happen before.

    Posted via CB10
    04-16-14 02:02 PM
  18. joeldf's Avatar
    They aren't affected by the heart bleed bug because they aren't going to use open source insecure software... openssl isn't being used by BlackBerry with exception of iOS and Android BBM.

    Z10STL100-3/10.2.1.2141
    And Link apparently, according to BlackBerry's own assessment on April 10. But, it seems to be used more between the phone and PC, and not for any outbound traffic. Still, they need to plug that up.

    BB10 OS itself has no vulnerability to it at all and never did. In fact, none of the OS software, including the legacy OS is affected.

    The bug going back to 10.1 that AT&T still had was a stack-based buffer overflow vulnerability. It was reported on CrackBerry back on April 9 (and linked to a few posts after the OP above). The phone had to be in developer mode and the attacker on the same wi-fi network to exploit it. Over USB, an attacker had to have physical access to the phone. It was not an easy thing to exploit and required two very specific circumstances. Only OSs older than 10.2.0.1055 were affected. So even 10.1 MR wasn't fixed yet.

    Posted via CB10
    04-16-14 02:14 PM
  19. Dave Bourque's Avatar
    And Link apparently, according to BlackBerry's own assessment on April 10. But, it seems to be used more between the phone and PC, and not for any outbound traffic. Still, they need to plug that up.

    BB10 OS itself has no vulnerability to it at all and never did. In fact, none of the OS software, including the legacy OS is affected.

    The bug going back to 10.1 that AT&T still had was a stack-based buffer overflow vulnerability. It was reported on CrackBerry back on April 9 (and linked to a few posts after the OP above). The phone had to be in developer mode and the attacker on the same wi-fi network to exploit it. Over USB, an attacker had to have physical access to the phone. It was not an easy thing to exploit and required two very specific circumstances. Only OSs older than 10.2.0.1055 were affected. So even 10.1 MR wasn't fixed yet.

    Posted via CB10
    They shouldn't be using openssl in the first place for any of their software... even if it's iOS and android or BlackBerry link.

    Z10STL100-3/10.2.1.2141
    04-16-14 03:46 PM
  20. privateeyes's Avatar
    Not to play semantics but "discovered" might not be the correct word. Perhaps "published" or "released" would be better. I believe the heartbleed threat was known of for some time - it was only brought into the light recently.
    This would be correct.
    They would not publish this right away until they knew what type of threat they were dealing with and what it affected and if and how it could be stopped or corrected.

    Like mentioned before we should be thanking heartbleed for update not latet&t if it were up to at&t we would all still be on 10.1 unless we used other means as I and many other have to get updates. At&t sucks by far the worse U.S carriers when it comes to BlackBerry and their customers. Look forward to the day another new or current carrier can bring the evil empire to it's knees and then they beg for our service.

    Posted via CB10
    04-16-14 10:25 PM
  21. cowboyxjon's Avatar
    I had used Sachesi to get the Rogers 10.2.1 a month or two ago but I got the update from AT&T last night on my originally locked, but now unlocked AT&T Z10. One interesting thing is that the description of the update said something like "this is a required update" vs the usual info about new features etc. Made me think of this thread.

    Posted via CB10
    04-17-14 01:38 PM

Similar Threads

  1. I can't open android apps since I upgraded to 10.2
    By leocarv84 in forum General BlackBerry News, Discussion & Rumors
    Replies: 18
    Last Post: 04-19-14, 10:29 PM
  2. Replies: 23
    Last Post: 04-19-14, 06:09 PM
  3. Bluetooth file transfer from PlayBook to Z10?
    By roguerebellions in forum BlackBerry PlayBook
    Replies: 9
    Last Post: 04-18-14, 06:38 AM
  4. BBM on iPhone down right now?
    By coolbold in forum General BBM Chat
    Replies: 39
    Last Post: 04-16-14, 01:12 AM
  5. BlackBerry needs to release more high end phones.
    By OneofLittleHarmony in forum General BlackBerry News, Discussion & Rumors
    Replies: 4
    Last Post: 04-15-14, 10:37 PM
LINK TO POST COPIED TO CLIPBOARD