Heartbleed bug on the TracFone ZTE Valet Android phone, three months after the bug was discovered. Heartbleed is a flaw in the OpenSSL library that's responsible for encrypting Internet connections. The bug could allow hackers to intercept secure connections and steal passwords and personally identifiable information when the user is using the phone's browser or an app.
Heartbleed was discovered April 1,2014. It mainly affected Websites but phones running Android 4.1.1, like the Valet were also vulnerable. Most Websites were patched within two weeks of the bug's discovery. Google issued patching instructions for 4.1.1 to Android phone manufacturers on April 9 but it's taken a considerable amount of time for most manufacturers to issue patches.
Heartbleed is considered a critical vulnerability which was exploited to steal passwords from several websites. It's much more difficult to intercept the data stream from a phone and I'm not aware of any hacks of an Android phone that involved the Heartbleed bug. Nonetheless I recommend that all ZTE Valet users apply the patch.
To get the fix go to www.zteusa.com/phones/zte-valet.html and click on Support, then Software updates. Click the "Download Tool" link for instructions and the update.zip link for the actual patch.
The patch only fixes the Heartbleed bug, it doesn't include any other bug fixes or updates.
Image: "Heartbleed" by Leena Snidate / Codenomicon - http://heartbleed.com/heartbleed.svg. Licensed under CC0 via Wikimedia Commons.