Apple Confirms ‘Heartbleed’ Security Issue Did Not Affect Apple Software and ‘Key Services’
Apple today released a statement to Re/code confirming that iOS, OS X and “key web services” were unaffected by the widely publicized security flaw known as Heartbleed which was disclosed earlier this week.
“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected,” an Apple spokesperson told Re/code.
Heartbleed was a security flaw in the popular open-source software OpenSSL which helps provide secure connections between clients and servers. Due the ubiquity of OpenSSL, Heartbleed is believed to have affected approximately 66% of the internet.
Security blogger Bruce Schneier describes the issue as “catastrophic” and on “the scale of 1 to 10, this is an 11.” The flaw allowed servers to leak server memory to a malicious attacker, allowing hackers to extract login/password and other private data from a server. Users are recommended to change their passwords on all services that may have been affected. Mashable provides a list of services where you should change your password. Fortunately, MacRumors Forums were unaffected by the security flaw.
AIVAnet 