Apple said Thursday that its mobile, desktop and Web services weren’t affected by a major flaw in a set of security software used by hundreds of thousands of websites.
The flaw, codenamed “Heartbleed” and first reported by Web security firm Codenomicon, was discovered in a technology called “OpenSSL” — a set of encryption software used by Web companies to safeguard user information. Sites that use OpenSSL will display a small “lock” icon in the top left-hand corner of your Web browser’s address bar (though not all sites showing this lock use OpenSSL); the technology is used on more than two-thirds of websites across the Internet.
“Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.
Apple’s statement comes in the days after the disclosure rocked companies and Web security wonks across the world; security expert Bruce Schneier called Heartbleed “catastrophic” in a blog post this week. “On the scale of 1 to 10, this is an 11,” he wrote.
Major Internet firms scrambled to issue patches to fix the flaw in their Web services in the following days, but companies like Facebook, Google and Yahoo all admitted periods of time in which their services could have been susceptible to the Heartbleed flaw.
Security experts have reminded users to update passwords across any sites that may have been affected, but only after the companies have updated their security software.
It has also been suggested that people start using password management tools like Lastpass, 1Password and Apple’s own Safari Browser password generator in order to keep track of multiple passwords across various accounts, rather than using one single password phrase for every account.