Apple Confirms Heartbleed Vulnerability Doesn’t Affect iOS, OS X, or ‘Key Services’

| News

HeartbleedHeartbleed

Apple released a statement Thursday emphasizing that iOS, OS X, and "key services" are not affected by the OpenSSL vulnerability known as Heartbleed. The statement comes as the entire world goes nuts over the vulnerability, which is one of the biggest threats to hit the Internet in years.

“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.

Heartbleed is an exploit targeting a vulnerability in a service within OpenSSL known as Heartbeat. It has the potential to expose security keys in encrypted online services to malicious hackers, and it was called a threat of "11" on a scale of 1 to 10 by Security researcher and writer Bruce Schneier.

As all of the Internet companies rush to patch software relying on versions of OpenSSL with the vulnerability, Apple's statement serves to let the world know that it isn't issuing similar patches because its software and services weren't relying on that version of OpenSSL.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Comments

Lee Dronick

Am I correct that that Heartbleed only affected website servers running Apache? If so then Apple, and other businesses, run websites under a different software.

This morning I read an article at Mashable. that listed websites that were not affected.

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

Call-151

Doesn’t Affect, not “Effect”—Please!

Bryan Chaffin

Thanks for catching that, Call-151. It’s fixed now.

Log-in to comment