Zen Pinball HD 1.18 Updates OpenSSL To Version 1.0.1g - Safe For All Android Devices

PiN WiZ

Mod & Forum Superstar
Staff member
Feb 22, 2012
4,158
1
Just wanted to give everyone a heads up that the Heartbleed bug, which is a serious vulnerability in the popular OpenSSL cryptographic software library, is present in the Android version of Zen Pinball HD. I've removed it from my Galaxy S4 and have informed Zen Studios of the vulnerability of their app.

I would advise everyone, that hasn't done so already, to download the Bluebox Heartbleed Scanner from Google Play and scan your Android device(s) as other apps may also be vulnerable to the Heartbleed bug.

You can find detailed information on this serious bug HERE.

UPDATE: The Zen Pinball HD 1.18 Android update eliminates the Heartbleed vulnerability by updating OpenSSL to version 1.0.1g.
 

Xanija

Moderator
Staff member
May 29, 2013
1,348
0
But wouldn't that mean Zen Pinball had to act as a server in order to give out data from the memory block?
 

netizen

Guest
It could mean that the Swarm accounts are vulnerable to being scraped, or the Google Play account info details can be scraped. Either way it's not a good thing.

On top of the Zen HD, the Castle Storm Beta is insecure, and I will assume their SLF Beta is too; I had already removed that one previously.
 

PiN WiZ

Mod & Forum Superstar
Staff member
Feb 22, 2012
4,158
1
Our good friend Nik Barbour has informed Zen Studios of this bug and they are currently looking into it. My intent was never to persuade others to uninstall Zen Pinball HD and forget about it, but rather to make everyone aware of the immediate vulnerability this bug causes on Android devices. I play Zen Pinball/Pinball FX as well and have purchased all of their tables on multiple platforms and devices and will continue to do so to support them. Hopefully Zen can rectify this issue rather quickly so that I, as well as many others, can purchase the new Star Wars tables for our Android devices with peace of mind.

I'll post an update here as soon as Zen resolves this issue.

If you're reading this Nik, thanks for passing this issue along to Zen as Barbie never answered my FB post and I don't have an account on Zen's official forum.
 

PinPipe

New member
May 26, 2013
38
0
Just had Bluebox running. And Zen still shows up as vulnerable.
As I headed over to the Zen-forum to have a look at the according thread, I couldn't find it anymore. Searching for "heartbleed" only produced one other thread (topic was Castle Storm).

Quote Originally Posted by n3tizen:
"Castle Storm uses Open SSL v. 1.0.1e which is vulnerable to heartbleed.

This should be patched ASAP, I will be removing castle storm until it is patched and publicly announced."

Barbie's answer:
"Just to confirm, there is nothing to worry about with this, we have made sure there are no issues with this with any of our apps."

I wonder what to think about this. Am I getting paranoid, or did they really delete the thread?
 

netizen

Guest
Castle Storm has been updated to OpenSSL 1.0.1g, so no Heartbleed there anymore.

And according to the bluebox scanner I am using I have a notification that says 1.0.1e is vulnerable but heartbleeds are disabled so you're safe; this is the version that Zen is using and was using previously on Castlestorm.
 

Biff

New member
Sep 18, 2012
1,175
0
Yes, the attack and bug got the name "Heartbleed" because of the security flaw in the heartbeat extension.
So the really important question is whether the heartbeat function is enabled or disabled.
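
As an added example (not part of the thread, and not Bluebox's or Zen's code): the two questions raised in the posts above, which OpenSSL version an app bundles and whether heartbeat code is present, checked against a native library's bytes. The sample blobs are constructed, the names `scan_library` and `version_is_affected` are hypothetical, and the symbol-name check is a heuristic that is inconclusive on stripped binaries.

```python
import re

# Version banner OpenSSL embeds in its binaries, e.g. b"OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]?)(-beta\d*)?")
# Function names from OpenSSL's heartbeat code; building with
# OPENSSL_NO_HEARTBEATS compiles them out. Heuristic: a stripped binary
# may lack the names even when the code is present.
HEARTBEAT_SYMBOLS = (b"tls1_process_heartbeat", b"dtls1_process_heartbeat")


def version_is_affected(base: str, letter: str, beta: str) -> bool:
    """True for OpenSSL releases in the Heartbleed-affected range."""
    if base == "1.0.1":
        # 1.0.1 through 1.0.1f; fixed in 1.0.1g. Pre-releases of 1.0.1 are
        # treated as affected here (conservative assumption).
        return letter < "g"
    if base == "1.0.2":
        return beta in ("-beta", "-beta1")   # fixed in 1.0.2-beta2
    return False                              # 0.9.8 and 1.0.0 branches


def scan_library(blob: bytes) -> list:
    """Return (version, verdict) for each OpenSSL banner found in a binary blob."""
    heartbeat_code = any(sym in blob for sym in HEARTBEAT_SYMBOLS)
    results = []
    for m in BANNER.finditer(blob):
        base, letter, beta = (g.decode() if g else "" for g in m.groups())
        version = base + letter + beta
        if not version_is_affected(base, letter, beta):
            verdict = "not affected"
        elif heartbeat_code:
            verdict = "affected"
        else:
            verdict = "affected version, heartbeat code not found"
        if (version, verdict) not in results:
            results.append((version, verdict))
    return results


# Constructed sample blobs standing in for native libraries pulled from an APK.
SAMPLES = {
    "old_build.so": b"\x7fELF\x00OpenSSL 1.0.1e 11 Feb 2013\x00tls1_process_heartbeat\x00",
    "no_heartbeat.so": b"\x7fELF\x00OpenSSL 1.0.1e 11 Feb 2013\x00SSL_read\x00",
    "patched.so": b"\x7fELF\x00OpenSSL 1.0.1g 7 Apr 2014\x00tls1_process_heartbeat\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, scan_library(blob))
```
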
 

PiN WiZ

Mod & Forum Superstar
Staff member
Feb 22, 2012
4,158
1
Still no update from Barbie or Zen Studios regarding this issue. I'm hoping they resolve it soon so that I can continue to support them by re-installing Zen Pinball HD on my Galaxy S4 and purchasing the last four Star Wars tables...and of course play all the other tables that I have previously purchased.
 

PiN WiZ

Mod & Forum Superstar
Staff member
Feb 22, 2012
4,158
1
UPDATE Zen Pinball HD 1.18 Updates OpenSSL To Version 1.0.1g - Now Safe For All Android Devices


The Zen Pinball HD 1.18 Android update eliminates the Heartbleed vulnerability by updating OpenSSL to version 1.0.1g.

I've re-installed Zen Pinball HD on my Galaxy S4 and completed my collection with the purchase of the latest Star Wars pack and Deadpool. Thanks Zen!
 
