Apple Confirms 'Heartbleed' Security Issue Did Not Affect Apple Software and 'Key Services' - MacRumors
Skip to Content

Apple Confirms 'Heartbleed' Security Issue Did Not Affect Apple Software and 'Key Services'

by

heartbleed_200Apple today released a statement to Re/code confirming that iOS, OS X and "key web services" were unaffected by the widely publicized security flaw known as Heartbleed which was disclosed earlier this week.

“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected,” an Apple spokesperson told Re/code.

Heartbleed was a security flaw in the popular open-source software OpenSSL which helps provide secure connections between clients and servers. Due the ubiquity of OpenSSL, Heartbleed is believed to have affected approximately 66% of the internet.

Security blogger Bruce Schneier describes the issue as "catastrophic" and on "the scale of 1 to 10, this is an 11." The flaw allowed servers to leak server memory to a malicious attacker, allowing hackers to extract login/password and other private data from a server. Users are recommended to change their passwords on all services that may have been affected. Mashable provides a list of services where you should change your password. Fortunately, MacRumors Forums were unaffected by the security flaw.

Popular Stories

iPhone 18 Pro Deep Red Feature

iPhone 18 Pro Launching Later This Year With These 12 New Features

Wednesday March 18, 2026 7:39 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another six months or so, there are already plenty of rumors about the devices. It was initially reported that the iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that only one Face ID component...
Read Full Article78 comments
Apple Logo Sketch Feature

Apple Has Now Unveiled Eight New Products This Month

Tuesday March 17, 2026 9:25 am PDT by
Apple has unveiled a whopping eight new products so far this March, including an iPhone 17e, iPad Air models with the M4 chip, MacBook Air models with the M5 chip, MacBook Pro models with M5 Pro and M5 Max chips, an updated Studio Display, a higher-end Studio Display XDR, and now the AirPods Max 2 this week. iPhone 17e features the same overall design as the iPhone 16e, but it gains Apple's...
Read Full Article
ios 26 4 yellow

Here Are Apple's Release Notes for iOS 26.4

Wednesday March 18, 2026 11:56 am PDT by
Apple provided developers and public beta testers with the release candidate versions of iOS 26.4 and iPadOS 26.4, which means we're going to see a public launch as soon as next week. The RC versions of the software include Apple's official release notes, giving us final details on what's included in the update. Apple Music - Playlist Playground (beta) generates a playlist from your...
Read Full Article102 comments

Top Rated Comments

J
Jedibugs
156 months ago
That's good. You know if Apple had been affected, all the headlines would be reading "Apple's Security Failure"
Score: 19 Votes (Like | Disagree)
BornAgainApple Avatar
BornAgainApple
156 months ago
This is what a Walled Garden gets you :apple:
Score: 19 Votes (Like | Disagree)
dugbug Avatar
dugbug
156 months ago
Apple could not resist that zinger :p

Android apparently incorporated it. Ouch.
Score: 19 Votes (Like | Disagree)
robeddie Avatar
robeddie
156 months ago
To people above me: right - remember SSL issue from not long ago?
The garden is walled, except for wholes found from time to time.

wholes?

hmm, I'm gonna think about that while I enjoy my hore.
Score: 15 Votes (Like | Disagree)
P
petsounds
156 months ago

It's not important that Apple takes security very seriously and it doesn't even matter in this case - nobody (maybe except for the NSA^^) knew about this issue, so there wouldn't have been anything Apple could have done.
Not exactly. OpenSSL has gotten a lot of flack in the past for being a shoddy library. There's plenty of security researchers who've looked through the code and said it's a mess. So perhaps Apple knew to stay away where possible. In other cases, it was a lucky accident that they pinned OpenSSL on OS X to the older 0.9.8 which wasn't vulnerable.

Either way, it's a PR win for Apple, especially compared to Android which is vulnerable. And you can bet that many of the old versions of Android people are running will never get patched by carriers.
Score: 14 Votes (Like | Disagree)
S
SILen(e
156 months ago
Their statement contained a bit of marketing blahblah.

It's not important that Apple takes security very seriously and it doesn't even matter in this case - nobody (maybe except for the NSA^^) knew about this issue, so there wouldn't have been anything Apple could have done.
Score: 13 Votes (Like | Disagree)
Read All Comments