A major vulnerability that affects a majority of web service providers was brought to light on April 7, 2014. The flaw is in OpenSSL's heartbeat extension and could enable a malicious attacker to access private keys. The bug has been present in OpenSSL since December 2011. You can find more information about the vulnerability, termed "Heartbleed" (CVE-2014-0160), at http://www.openssl.org/news/vulnerabilities.html.
Our operations team reacted immediately to this and has taken the necessary steps to secure our infrastructure, ensuring the appropriate secure versions of OpenSSL are in place.
We strongly encourage partners who run their own Eyeball servers that depend on OpenSSL to upgrade those servers to the latest version, in which the vulnerability is fixed. The current status of OpenSSL versions is as follows:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
Note that Eyeball uses non-vulnerable versions. We hope that this answers any questions you may have about the impact of CVE-2014-0160 on your Eyeball applications.
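To check a server against the version ranges listed above, the following shell function classifies an `openssl version` line. It is an added example, not part of the original advisory or of Eyeball's tooling; the function name `heartbleed_status` and the sample strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string against the ranges in
# this advisory. heartbleed_status is a hypothetical helper name.

heartbleed_status() (
    LC_ALL=C                      # keep [a-z] ranges ASCII-only
    line=${1#OpenSSL }            # accept "OpenSSL 1.0.1e 11 Feb 2013" or "1.0.1e"
    ver=${line%% *}               # first token is the version
    ver=${ver%-fips}              # "1.0.1e-fips" is the same code base as 1.0.1e
    case $ver in
        1.0.1|1.0.1[abcdef]) echo vulnerable ;;    # 1.0.1 through 1.0.1f
        1.0.1[a-z]*)         echo fixed ;;         # 1.0.1g and later letters
        1.0.0*|0.9.8*)       echo not-affected ;;  # branches without the bug
        *)                   echo unknown ;;       # not covered by this advisory
    esac
)

# Constructed sample inputs, one per line, to show each outcome.
while IFS= read -r sample; do
    printf '%-36s %s\n' "$sample" "$(heartbleed_status "$sample")"
done <<'EOF'
OpenSSL 1.0.1 14 Mar 2012
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.1f 6 Jan 2014
OpenSSL 1.0.1g 7 Apr 2014
OpenSSL 1.0.0l 6 Jan 2014
OpenSSL 0.9.8y 5 Feb 2013
EOF

# Classify the locally installed binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    local_ver=$(openssl version 2>/dev/null)
    printf 'local: %s -> %s\n' "$local_ver" "$(heartbleed_status "$local_ver")"
fi
```

A "vulnerable" result from the version string alone should be confirmed against the package changelog, because distribution packages can carry a backported fix without changing the reported version.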