We're getting reports of client applications that are vulnerable to the heartbleed issue. Just as with server applications, these client applications are dependant on vulnerable versions of OpenSSL.
Another "patch soon" problem, you say? The patch will be installed when the vendor ... oh, wait a minute. Just exactly when will your TV's manufacturer update the web browser on your TV? And when will you be applying that patch? How about your in-laws TV? This vulnerability on the client side has the potential to be much longer-lived than on servers.
more here......https://isc.sans.edu/forums/diary/The+Other+Side+of+Heartbleed+-+Client+Vulnerabilities/17945
Another "patch soon" problem, you say? The patch will be installed when the vendor ... oh, wait a minute. Just exactly when will your TV's manufacturer update the web browser on your TV? And when will you be applying that patch? How about your in-laws TV? This vulnerability on the client side has the potential to be much longer-lived than on servers.
more here......https://isc.sans.edu/forums/diary/The+Other+Side+of+Heartbleed+-+Client+Vulnerabilities/17945