Apple's colorful mainstream flagship, starting at $749.
Apple Confirms 'Heartbleed' Security Issue Did Not Affect Apple Software and 'Key Services'
Apple today released a statement to Re/code confirming that iOS, OS X and "key web services" were unaffected by the widely publicized security flaw known as Heartbleed which was disclosed earlier this week.“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected,” an Apple spokesperson told Re/code.Heartbleed was a security flaw in the popular open-source software OpenSSL which helps provide secure connections between clients and servers. Due the ubiquity of OpenSSL, Heartbleed is believed to have affected approximately 66% of the internet.
Security blogger Bruce Schneier describes the issue as "catastrophic" and on "the scale of 1 to 10, this is an 11." The flaw allowed servers to leak server memory to a malicious attacker, allowing hackers to extract login/password and other private data from a server. Users are recommended to change their passwords on all services that may have been affected. Mashable provides a list of services where you should change your password. Fortunately, MacRumors Forums were unaffected by the security flaw.
[ 203 comments ]
Top Rated Comments
(View all)
58 months ago
Apple could not resist that zinger :p
Android apparently incorporated it. Ouch.
Android apparently incorporated it. Ouch.
58 months ago
That's good. You know if Apple had been affected, all the headlines would be reading "Apple's Security Failure"
58 months ago
To people above me: right - remember SSL issue from not long ago?
The garden is walled, except for wholes found from time to time.
wholes?
hmm, I'm gonna think about that while I enjoy my hore.
58 months ago
It's not important that Apple takes security very seriously and it doesn't even matter in this case - nobody (maybe except for the NSA^^) knew about this issue, so there wouldn't have been anything Apple could have done.
Not exactly. OpenSSL has gotten a lot of flack in the past for being a shoddy library. There's plenty of security researchers who've looked through the code and said it's a mess. So perhaps Apple knew to stay away where possible. In other cases, it was a lucky accident that they pinned OpenSSL on OS X to the older 0.9.8 which wasn't vulnerable.
Either way, it's a PR win for Apple, especially compared to Android which is vulnerable. And you can bet that many of the old versions of Android people are running will never get patched by carriers.
58 months ago
Their statement contained a bit of marketing blahblah.
It's not important that Apple takes security very seriously and it doesn't even matter in this case - nobody (maybe except for the NSA^^) knew about this issue, so there wouldn't have been anything Apple could have done.
It's not important that Apple takes security very seriously and it doesn't even matter in this case - nobody (maybe except for the NSA^^) knew about this issue, so there wouldn't have been anything Apple could have done.
58 months ago
To people above me: right - remember SSL issue from not long ago?
The garden is walled, except for holes found from time to time.
The garden is walled, except for holes found from time to time.
58 months ago
Do you know why Apple services and products were not affected? Pure dumb luck.
Apple is just lazy - they keep their BSD subsystem ridiculously outdated:
Although 0.9.8y was released earlier this year, it was a minor point release for a major version of SSL originally released in 2005. :eek:
You say Apple is lazy. But maybe there is a reason why they didn't upgrade. Maybe they did a careful review of this version 0.9.8y. And they didn't want to switch to another version with another very careful review - which turned out to be the right decision.
58 months ago
Marketing fluff
Apple is bragging that they never included the 1.0.1 release of OpenSSL as if they carefully vetted the security of each library they include. In reality they're just behind on OpenSSL and by complete luck didn't get burned by this one. Mavericks shipped with 0.9.8y from last year. Nice spin from the PR guys, but they avoided this by chance only.
Apple is bragging that they never included the 1.0.1 release of OpenSSL as if they carefully vetted the security of each library they include. In reality they're just behind on OpenSSL and by complete luck didn't get burned by this one. Mavericks shipped with 0.9.8y from last year. Nice spin from the PR guys, but they avoided this by chance only.
58 months ago
Also did not affect those running web services on Mountain Lion and Mavericks:
https://twitter.com/ConsultantRR/status/453527858078814208 (https://twitter.com/ConsultantRR/status/453527858078814208)
https://twitter.com/ConsultantRR/status/453527858078814208 (https://twitter.com/ConsultantRR/status/453527858078814208)
[ Read All Comments ]
Google today announced a new group planning feature for Google Maps on iOS and Android, which aims to make it easier for a group of friends to decide on a place to eat.
To use the feature, open...
Google says it is willing to make changes to its new Chrome auto-login feature, following heavy criticism from privacy-conscious users.
In previous versions of the browser, it was left up to the...
Apple has removed a number of results from Siri Suggested Websites after BuzzFeed highlighted several examples of the feature offering up "debunked conspiracies, shock videos, and false...
Apple Pay is expected to be available in 60 percent of retail locations in the United States by the end of the year, Apple's VP of Apple Pay Jennifer Bailey told Fortune today in an interview at...
A rare fully operational Apple-1 computer auctioned off by RR Auction at WeWorks in Boston today fetched a total of $375,000.
The Apple-1 came from a person who purchased the machine from...
Rachio today announced that it has added HomeKit support to its Rachio 3 Smart Sprinkler Controller, allowing the device to work with Siri and other HomeKit accessories to control sprinklers.
...
About one year ago smart lock company August Home was acquired by Swedish lock manufacturer Assa Abloy, which also owns Yale and a few other lock brands. Today, Yale and August announced that they...
Instagram co-founders Kevin Systrom and Mike Krieger have left Facebook, explaining in a statement this week that they are taking some time off to "explore our curiosity and creativity...
