Apple Confirms 'Heartbleed' Security Issue Did Not Affect Apple Software and 'Key Services'

heartbleed_200Apple today released a statement to Re/code confirming that iOS, OS X and "key web services" were unaffected by the widely publicized security flaw known as Heartbleed which was disclosed earlier this week.

“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected,” an Apple spokesperson told Re/code.

Heartbleed was a security flaw in the popular open-source software OpenSSL which helps provide secure connections between clients and servers. Due the ubiquity of OpenSSL, Heartbleed is believed to have affected approximately 66% of the internet.

Security blogger Bruce Schneier describes the issue as "catastrophic" and on "the scale of 1 to 10, this is an 11." The flaw allowed servers to leak server memory to a malicious attacker, allowing hackers to extract login/password and other private data from a server. Users are recommended to change their passwords on all services that may have been affected. Mashable provides a list of services where you should change your password. Fortunately, MacRumors Forums were unaffected by the security flaw.

Top Rated Comments

Jedibugs Avatar
129 months ago
That's good. You know if Apple had been affected, all the headlines would be reading "Apple's Security Failure"
Score: 19 Votes (Like | Disagree)
BornAgainApple Avatar
129 months ago
This is what a Walled Garden gets you :apple:
Score: 19 Votes (Like | Disagree)
dugbug Avatar
129 months ago
Apple could not resist that zinger :p

Android apparently incorporated it. Ouch.
Score: 19 Votes (Like | Disagree)
robeddie Avatar
129 months ago
To people above me: right - remember SSL issue from not long ago?
The garden is walled, except for wholes found from time to time.

wholes?

hmm, I'm gonna think about that while I enjoy my hore.
Score: 15 Votes (Like | Disagree)
petsounds Avatar
129 months ago

It's not important that Apple takes security very seriously and it doesn't even matter in this case - nobody (maybe except for the NSA^^) knew about this issue, so there wouldn't have been anything Apple could have done.
Not exactly. OpenSSL has gotten a lot of flack in the past for being a shoddy library. There's plenty of security researchers who've looked through the code and said it's a mess. So perhaps Apple knew to stay away where possible. In other cases, it was a lucky accident that they pinned OpenSSL on OS X to the older 0.9.8 which wasn't vulnerable.

Either way, it's a PR win for Apple, especially compared to Android which is vulnerable. And you can bet that many of the old versions of Android people are running will never get patched by carriers.
Score: 14 Votes (Like | Disagree)
SILen(e Avatar
129 months ago
Their statement contained a bit of marketing blahblah.

It's not important that Apple takes security very seriously and it doesn't even matter in this case - nobody (maybe except for the NSA^^) knew about this issue, so there wouldn't have been anything Apple could have done.
Score: 13 Votes (Like | Disagree)

Popular Stories

Apple car wheel icon feature yellow

Apple Cancels Electric Car Project

Tuesday February 27, 2024 11:05 am PST by
Apple has canceled all plans to release an autonomous, electric vehicle, reports Bloomberg. Apple has been working on an Apple Car for more than a decade and invested millions of dollars into development before deciding it was not a viable project. Apple's Chief Operating Officer Jeff Williams today told approximately 2,000 employees working on the Apple Car that the project was canceled,...
Beyond iPhone 13 Better Blue Face ID Single Camera Hole

Six Reasons to Wait for Next Year's iPhone 17

Thursday February 22, 2024 4:20 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models concurrently, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different, and already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...
General Apps Messages

iOS 17.4 to Add This 'Groundbreaking' New Messaging Feature

Friday February 23, 2024 5:05 am PST by
With iOS 17.4, set to arrive in March 2024, Apple is bringing a new cryptographic security feature to iMessage called PQ3. This "groundbreaking" and "state-of-the-art" protocol provides "extensive defenses against even highly sophisticated quantum attacks," according to Apple. Let's break down what that means. Apple's iMessage service already supports end-to-end encryption, but security...
iOS 17

iOS 17.4 Coming Soon With These New Features for Your iPhone

Monday February 26, 2024 6:08 am PST by
In a press release last month, Apple confirmed that iOS 17.4 will be released in March, and the update includes several new features and changes for the iPhone. Key new features in iOS 17.4 include major App Store changes in the EU, Apple Podcasts transcripts, and an iMessage security upgrade. The update also adds new emoji and includes preparations for the launch of next-generation CarPlay...
iOS 18 Mock iPhone 16 Feature Gray

iOS 18 Rumored to Be Compatible With These iPhone Models

Tuesday February 27, 2024 6:31 am PST by
iOS 18 will be compatible with the iPhone XR, and thereby also the iPhone XS and iPhone XS Max models with the same A12 Bionic chip, according to a post on X today from a private account with a proven track record of sharing build numbers for upcoming iOS updates. The post was spotted by MacRumors contributor Aaron Perris, and it has since been deleted. However, this was likely because the...
applearcade

Game Developers Describe 'Smell of Death' Around Apple Arcade

Monday February 26, 2024 7:24 am PST by
Some game developers are dissatisfied with Apple Arcade amid concerns about the subscription service's future, a new report claims. Sources speaking to mobilegamer.biz described a "smell of death" around Apple's games subscription service and noted the difference between the company's investment in TV and music, and its interest in games. "At the very top of the company there needs to be a ...