A vulnerability has been discovered in the OpenSSL cryptographic software version 1.0.1 to 1.0.1f widely used across the Internet for banking, investment, medical and other encrypted network traffic. The Heartbleed OpenSSL vulnerability works by allowing the certificate checking to be corrupted and traffic across a network to be monitored and some have called eavesdropping. Below are updates by Xerox and Kip regarding their exposure to the Heartbleed bug. Once I get information from Canon and Sharp, I will update the post.

In early April 2014, KIP was advised of the vulnerability known as Heartbleed in an open-source and widely-used Secure Socket Layer toolkit (OpenSSL). The vulnerability allows unauthenticated access to portions of the computer system memory. The code defect has acquired a substantial amount of media attention due to the ease with which the defect can be exploited and the potential exposure to sensitive information.

KIP is pleased to announce that all KIP Print and Scan systems including:

·         KIP Print Controllers (PPEC/IPS/KS8)

·         KIP Software & Applications

·         KIP Drivers

are not affected by this vulnerability.

The information below contains products that Xerox currently sells and some that they have recently stopped selling. If your product is not listed, it is probably older and therefore would have a version of OpenSSL that is not susceptible to Heartbleed. The vulnerable version of OpenSSL was published on April 19, 2002. If you acquired a Xerox device prior to that, you should be fine.