khawkins
commented
10 years ago We'll be updating OpenSSL for our next release. All of the security fixes for the past several OpenSSL releases have focused around secure network transport bugs. We use OpenSSL exclusively for its encryption facilities for secure storage. Thanks for reporting, though. We'll post here when we've updated to the latest.
POODLE: https://www.us-cert.gov/ncas/alerts/TA14-290A recommends OpenSSL 1.0.1 users should upgrade to 1.0.1j.
Current version included in SDK appears to be 1.0.1g