PubNub services were patched on 15 October 2014 as a security precaution, with the disclosure of the POODLE exploit in the obsolete SSLv3 protocol.
There has been a recent security advisory published of a vulnerability in the handshake of the obsolete SSL version 3.0 (SSLv3) that would allow an attacker to disable the cryptographic security of sessions. The SSLv3 protocol is a mechanism used by browsers and servers to establish an encrypted connection.
The PubNub Network is configured to support HTTPS sessions automatically using more modern protocols TLS 1.0, TLS 1.1, and TLS 1.2. HTTPS remains available as an option to our customers and is not vulnerable to the POODLE exploit.
SSLv3 is generally considered an obsolete protocol that has been replaced in modern browsers with Transport Level Security (TLS).
PubNub supports TLS security on HTTPS sessions. The TLS protocol is not vulnerable to the POODLE exploit.