Heartbleed: Apple says iOS, OSX, and other key web services not affected

Himanshu Arora

Posts: 902   +7
Staff

Apple has confirmed that iOS, OSX, and other "key" web services were not vulnerable to the Heartbleed bug that has affected numerous popular websites. “Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.

The statement comes just a few days after the vulnerability was disclosed. Apple did not specify which key web services it's referring to and if any of its properties were indeed hit -- though the wording at least suggest that nothing critical was compromised.

The bug, which has reportedly affected almost two-thirds of the internet, including Google, Facebook, Yahoo, and more, is being termed as catastrophic because cyber criminals can exploit it to force the affected servers to expose valuable information like passwords, credit card numbers, and more.

Users are being asked to update their passwords, but only after the internet companies have updated their security software. To ease some of the pain and guesswork, password management tools like LastPass are now including recommendations for the bug, highlighting websites affected by the bug and whether they've taken the necessary steps to mitigate the risk, suggesting that you go ahead and update your passwords or wait.

Apart from Apple, other websites like Twitter, Ebay, Amazon, and more were also not affected by the Heartbleed Internet vulnerability. For a list of vulnerable websites, head over to this Cnet article.

Permalink to story.

 
Guess it's one win for corporate closed source software vs small team open source software?

I hear that openssl was "open software" or am I wrong?
 
Odd that you don't have a similar headline for Microsoft who were also unaffected.
 
Odd that you don't have a similar headline for Microsoft who were also unaffected.
I get what you are implying, but you are letting your emotions get ahead of you on this one.

Couple points here:

I have a Chrome heartbleed extension, it alerted me on Bing.

Apple has an entire ecosystem involving millions of people that have grown accustomed to and rely on the syncing of their devices, so it IS newsworthy that Apple isn't affected simply because not reporting in this case would lead to questions of 'are they affected?'
 
Agree with @SNGX1275, this is one of those nasty bugs that need positive confirmation of {exposed vs not exposed}
 
Odd that you don't have a similar headline for Microsoft who were also unaffected.
I get what you are implying, but you are letting your emotions get ahead of you on this one.

Couple points here:

I have a Chrome heartbleed extension, it alerted me on Bing.

Apple has an entire ecosystem involving millions of people that have grown accustomed to and rely on the syncing of their devices, so it IS newsworthy that Apple isn't affected simply because not reporting in this case would lead to questions of 'are they affected?'

Sorry nice try.. Bing doesn't support the underlying vulnerability.. I'd not trust that plugin if I were you..
Check out the post of top 10,000 websites bing.com is listed as "Testing bing.com... no SSL"
 
Sorry nice try.. Bing doesn't support the underlying vulnerability.. I'd not trust that plugin if I were you..
Check out the post of top 10,000 websites bing.com is listed as "Testing bing.com... no SSL"
Maybe it was a glitch, but I wouldn't have said that if I didn't get alerted on a Bing page, I don't come here to intentionally spread incorrect information.
 
Back