The Internet security world mobilized to tackle the Heartbleed software bug. But although most of the holes have been patched, a big one remains: Millions of smartphones still operate on Android version 4.1.1, which remains vulnerable to hackers exploiting a design flaw in the bedrock encryption software OpenSSL. It’s a good time to check what your phone is running.
The bug and its repairs were announced on April 7. A week later, however, phones and tablets running on Android 4.1.1 remain at risk. More than a third of the 900 million mobile devices running Android use the 4.1 “Jellybean” version, which Google released in mid-2012. Version 4.2 replaced the 4.1 variations later that year.