heartbleed1

Codenomicon

Security


Apple said Thursday that its mobile, desktop and Web services weren’t affected by a major flaw in a set of security software used by hundreds of thousands of websites.

The flaw, codenamed “Heartbleed” and first reported by Web security firm Codenomicon, was discovered in a technology called “OpenSSL” — a set of encryption software used by Web companies to safeguard user information. Sites that use OpenSSL will display a small “lock” icon in the top left-hand corner of your Web browser’s address bar (though not all sites showing this lock use OpenSSL); the technology is used on more than two-thirds of websites across the Internet.

“Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.

Apple’s statement comes in the days after the disclosure rocked companies and Web security wonks across the world; security expert Bruce Schneier called Heartbleed “catastrophic” in a blog post this week. “On the scale of 1 to 10, this is an 11,” he wrote.

Major Internet firms scrambled to issue patches to fix the flaw in their Web services in the following days, but companies like Facebook, Google and Yahoo all admitted periods of time in which their services could have been susceptible to the Heartbleed flaw.

Security experts have reminded users to update passwords across any sites that may have been affected, but only after the companies have updated their security software.

It has also been suggested that people start using password management tools like Lastpass, 1Password and Apple’s own Safari Browser password generator in order to keep track of multiple passwords across various accounts, rather than using one single password phrase for every account.




2 comments
VernonDozier
VernonDozier

This may be true, however, when you READ the Software Acknowlegements in the "Airport Utility" it lists OpenSSL as a licensee.


I'm not sure why Apple thinks the WiFi software isn't a "Key Web Service".  But they sure like to sweep issues under the rug in Cupertino.

AaronAshfield
AaronAshfield

Secure Access Technologies protects against Hearthbleed with SAT Mobile ID (2FA and Continuous Authentication). Your private keys never go to the PC... SecureAccessTechnologies.com

Follow

Get every new post delivered to your Inbox.

Join 300,278 other followers