Following its discovery online and in selected Android smartphones in April and with months of relative silence following between ZTE and Tracfone on whether or not the phone would be patched, ZTE has officially released the patch for the vulnerability on its website with full instructions on how to apply the fix. The update does nothing more than patch the vulnerability, it does not add any other updates or fixes. The phone is one of the few that ran the affected version of Android in 4.1.1 along with many other smartphone models and was also most recently closed out by multiple retailers in April.
The Heartbleed vulnerability initially affected internet security certificate implementation and resulted in a large-scale patching of many popular websites which ran the OpenSSL security certificate protocol which was meant to keep sensitive information such as passwords and personal information secure through a high-level encryption algorithm. The vulnerability has since been patched all the way down to the protocol itself, with the Valet being one of the remaining devices affected until now.