There has been plenty of talk regarding "Heartbleed" lately. For those who may have somehow missed that story, the simple version is that Heartbleed is a flaw in OpenSSL. But while that is simple to say, this is causing issues for quite a few people. On the flip side, we do have a bit of good news for Android users.
It seems Heartbleed is only causing issues for one specific version of Android. Google recently shared some details on the official Online Security Blog and mentioned how "all versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1.)" For reference, CVE-2014-0160 is Heartbleed.
There hasn't been any specific timeline given as to when an update can be expected for Android 4.1.1. Google said "patching information for Android 4.1.1 is being distributed to Android partners." Basically, it sounds like Google has the fix ready for 4.1.1 users and it is just a matter of when the partners and carriers are ready to begin the rollouts.
Google has combined some of the numbers in recent distribution reports so it is hard to get an accurate figure here. But that said, according to the numbers coming from earlier this month, Android 4.1.x currently accounts for 34.4 percent of Android usage. We can only hope the patching update rolls out quickly, and that Android 4.1.1 makes up a small percentage of the overall Android 4.1.x figure.
SOURCE: Google Online Security Blog