Apple Confirms 'Heartbleed' Security Issue Did Not Affect Apple Software and 'Key Services'
Apple today released a statement to Re/code confirming that iOS, OS X and "key web services" were unaffected by the widely publicized security flaw known as Heartbleed which was disclosed earlier this week.
“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected,” an Apple spokesperson told Re/code.
Heartbleed was a security flaw in the popular open-source software OpenSSL which helps provide secure connections between clients and servers. Due the ubiquity of OpenSSL, Heartbleed is believed to have affected approximately 66% of the internet.
Security blogger Bruce Schneier describes the issue as "catastrophic" and on "the scale of 1 to 10, this is an 11." The flaw allowed servers to leak server memory to a malicious attacker, allowing hackers to extract login/password and other private data from a server. Users are recommended to change their passwords on all services that may have been affected. Mashable provides a list of services where you should change your password. Fortunately, MacRumors Forums were unaffected by the security flaw.
Top Rated Comments
Android apparently incorporated it. Ouch.
hmm, I'm gonna think about that while I enjoy my hore.
Either way, it's a PR win for Apple, especially compared to Android which is vulnerable. And you can bet that many of the old versions of Android people are running will never get patched by carriers.
It's not important that Apple takes security very seriously and it doesn't even matter in this case - nobody (maybe except for the NSA^^) knew about this issue, so there wouldn't have been anything Apple could have done.