Apple Says iOS, OSX and “Key Web Services” Not Affected by Heartbleed
Security Flaw

April 10, 2014, 1:42 PM PDT

By Mike Isaac

Apple said Thursday that its mobile, desktop and Web services weren’t
affected by a major flaw in a set of security software used by hundreds
of thousands of websites.

The flaw, codenamed “Heartbleed” and first reported by Web security firm
Codenomicon, was discovered in a technology called “OpenSSL” — a set of
encryption software used by Web companies to safeguard user information.
Sites that use OpenSSL will display a small “lock” icon in the top
left-hand corner of your Web browser’s address bar (though not all sites
showing this lock use OpenSSL); the technology is used on more than
two-thirds of websites across the Internet.

“Apple takes security very seriously. IOS and OS X never incorporated
the vulnerable software and key Web-based services were not affected,”
an Apple spokesperson told Re/code.

Apple’s statement comes in the days after the disclosure rocked
companies and Web security wonks across the world; security expert Bruce
Schneier called Heartbleed “catastrophic” in a blog post this week. “On
the scale of 1 to 10, this is an 11,” he wrote.

Major Internet firms scrambled to issue patches to fix the flaw in their
Web services in the following days, but companies like Facebook, Google
and Yahoo all admitted periods of time in which their services could
have been susceptible to the Heartbleed flaw.

Security experts have reminded users to update passwords across any
sites that may have been affected, but only after the companies have
updated their security software.

http://tinyurl.com/lsxl8xe