Apple Says Heartbleed Security Vulnerability Did Not Affect Apple Software, Web Services


Re/code reports that Apple has confirmed iOS, OS X and its key web services were not affected by the Heartbleed security bug. An Apple spokesperson told Re/code’s Mike Isaac:

“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected.”

On Tuesday, security researchers discovered a critical vulnerability in recent versions of OpenSSL, a technology that allows encrypted communication between millions of websites and their visitors and is being used by approximately two-thirds of the world’s web servers.

Any website that has been keeping up with the OpenSSL updates has a vulnerability which allows an attacker to retrieve as many 64k chunks of memory as necessary. The block of memory could contain private and critical information, like passwords and encryption information that could allow the attacker to decrypt private information and communications (to and from the server).

The researchers said even after vulnerable websites patch the OpenSSL bug, they may still remain vulnerable to attacks, requiring them to revoke any exposed keys, reissuing new keys, and invalidating all session keys and session cookies.

Hopefully, companies and organizations running vulnerable versions of OpenSSL will ask their users to change their passwords, and the companies should upgrade their machines and servers to the latest version (OpenSSL 1.0.1g), which patches the bug.

Major Internet companies like Google, Facebook, and Yahoo scrambled to fix their affected services yesterday, but they admit there could have been a point in time where their web services could have been affected by the Heartbleed security flaw.

Users are encouraged to change their online passwords on sites which have any personal or payment information. It is also recommend that users use a password manager like PasswordBox or 1Password to create and store your long and secure passwords.

Check out this post for full information about the Heartbleed bug and what you can do to protect yourself.