Security: Heartbleed Updates Follow

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

What versions of the OpenSSL are affected?

Status of different versions:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

How does this affect the Zoom clients/apps? 

  • Zoom clients use OpenSSL 1.0.0 and are NOT vulnerable

How does this affect the Zoom cloud (zoom.us)? 

  • Zoom application servers that run on the Zoom cloud use OpenSSL 1.0.0 and are NOT vulnerable
  • We regenerated the private key and new certificate for *.zoom.us was deployed on AWS ELB
  • We also re-keyed the API key and pass for all 3rd party service integration

How does this affect my password? 

We have found no reason to believe that any user data or credentials were compromised.

 

 

Was this article helpful?
Have more questions? Submit a request
Powered by Zendesk