Jump to content


Heartbleed and the Y300

  • Please log in to reply
2 replies to this topic




  • Members
  • Pip
  • 16 posts
  • Devices:(not so) Orange San Fran

I know that it is obviously more productive to target servers and therefore individual devices are unlikely to be attacked.  All the same, devices running 4.1.1 (and therefore any stock-based ROM) are vulnerable to this flaw.


Is there a known way to update the OpenSSL libraries in a stock ROM with secured versions?  Otherwise, it would appear that Huawei have slated 10-5-14 as a release date for a fixed B197 stock ROM.  Can those with dev experience clarify if it will be possible to replace OpenSSL with, say a CWM-flashable zip, on existing ROMs, using the version from the new stock ROM, once it is released?



  • 0




  • Members
  • PipPipPipPipPipPip
  • 1,271 posts
  • Gender:Male
  • Devices:Xiaomi Redmi 1S
There is a heartbleed fix wich is working on fusionX (i tested :D )
I think it will work on all stock based ROMs

  • 0




  • Members
  • PipPipPipPipPip
  • 613 posts
  • Gender:Not Telling

You could extract any libssl.so (located on your device @  /system/lib/ ) from an 4.1.2 ROM of your choice, like CM10 for example. Take a look @this. Someone extracted the libssl.so already and prepared an updater ZIP: https://www.dropbox....stall-patch.zip


It's up to you wheather you extract the file on your own from any ROM or if you trust that guy's file.

  • 0

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users