A very serious security vulnerability referred to as the “Heartbleed” virus is being covered widely in the press. “Heartbleed” allows an unauthorized user to potentially extract passwords, encryption keys, and other security data such as session tokens from vulnerable systems. The vulnerability is in the open source package OpenSSL, which is used in a wide range of products from many vendors, including Polycom.
Polycom believes that security is of the utmost importance. Our Product Security team is closely monitoring “Heartbleed” and has developed and posted a security advisory that lists Polycom products and versions that are vulnerable. The security advisory document provides information on when patches will be available for vulnerable products and the process to obtain these patches. Please note that these security patches are available at no charge to customers.
This information is also available on Polycom’s public security page http://www.polycom.com/security.
The security advisory is being updated as more information becomes available.
Please review this information and share it with your teams and customers.
Polycom Product Security Office