We will be updating this page with new information as it becomes available, so please check back regularly.
Subscribe for updates
June 5, 2014 (6:00 PDT):
On June 5th, the OpenSSL security team released a security advisory
for seven newly discovered vulnerabilities, two of which are considered critical. One of the critical vulnerabilities (CVE-2014-0224
) could let an attacker carry out a man-in-the-middle attack
(MITM), allowing them to intercept encrypted traffic between a vulnerable client and a vulnerable server. While CVE-2014-0224 may seem similar to Heartbleed, it is much harder to exploit since it requires an attacker to intercept the communication between the client and server.
At this time, there are no reports of these vulnerabilities being exploited in the wild and no proof of concepts have been shared.
For more details on these vulnerabilities, please refer to Symantec’s Security Response blog post
Currently, the impact on Symantec products is unknown and still being investigated.
April 18, 2014 (16:27 PDT):
Symantec has posted a new blog written by our Security Response team titled, , which offers a new perspective on the recent Heartbleed vulnerability and tips to minimize your risk. Additionally, we're continuing to update our product matrix daily with the latest . We encourage our customers to keep checking this page and specific product support pages for current information and updates.
April 13, 2014 (15:15 PDT):
Symantec has posted a matrix with the . We will continue to update this with new information. We encourage our customers to keep checking this page and specific product support pages for current information and updates.
April 11, 2014 (22:35 PDT):
Symantec has identified that some of its products may be impacted by the OpensSSL vulnerability, dubbed Heartbleed. We have begun issuing advisories to our customers to alert them and provide mitigation solutions while we work to deploy any necessary patches. To date, we have not seen any malicious exploitation of this vulnerability. We encourage our customers to check specific product support pages, and this page for information and updates as well.
April 10, 2014 (15:15 PDT):
Our product teams are continuing their investigations of whether any products are impacted by this vulnerability. We recommend that you check your Symantec product support pages for the latest updates from these teams. You can subscribe to any Knowledge Base (KB) documents on the product support pages to ensure you automatically receive updates with any new information.
April 9, 2014 (21:00 PDT):
Symantec is aware of and currently investigating the OpenSSL vulnerability, dubbed “Heartbleed”, which allows attackers to read the memory of the systems using vulnerable versions of the OpenSSL open source library. We will provide updates as they become available.
Symantec is aware of and currently investigating the OpenSSL vulnerability, dubbed “Heartbleed,” which allows attackers to read the memory of the systems using vulnerable versions of the OpenSSL open source library. This allows access to sensitive information such as private keys of certificates and login credentials, or other personal data.