Is Symantec Encryption Desktop vulnerable to the OpenSSL "Heartbleed" attack (CVE-2014-0160)?

book

Article ID: 159179

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption

Issue/Introduction

Only OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) are affected by the "Heartbleed" bug (CVE-2014-0160). Versions below 1.0.1 (such as 0.9.8) are not affected.

See https://www.openssl.org/news/secadv_20140407.txt for more information.

Resolution

Symantec Encryption Desktop, Symantec Drive Encryption, PGP Desktop, and PGP Whole Disk Encryption do not utilize openssl and therefore are not vulnerable to this attack.