Apple Confirms Heartbleed Vulnerability Doesn't Affect iOS, OS X, or 'Key Services'


Apple released a statement Thursday emphasizing that iOS, OS X, and "key services" are not affected by the OpenSSL vulnerability known as Heartbleed. The statement comes as the entire world goes nuts over the vulnerability, which is one of the biggest threats to hit the Internet in years.

“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.

Heartbleed is an exploit targeting a vulnerability in a service within OpenSSL known as Heartbeat. It has the potential to expose security keys in encrypted online services to malicious hackers, and it was called a threat of "11" on a scale of 1 to 10 by Security researcher and writer Bruce Schneier.

As all of the Internet companies rush to patch software relying on versions of OpenSSL with the vulnerability, Apple's statement serves to let the world know that it isn't issuing similar patches because its software and services weren't relying on that version of OpenSSL.