Apple Confirms ‘Heartbleed’ Security Issue Did Not Affect Apple Software and ‘Key Services’

Apple today released a statement to Re/code that iOS, OS X and “key web services” were unaffected by the widely publicized security flaw known as Heardbleed which was disclosed earlier this week.

“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected,” an Apple spokesperson told Re/code.

Heartbleed was a security flaw in the popular open-source software OpenSSL which helps provide secure connections between clients and servers. Due the ubiquity of OpenSSL, Heartbleed is believed to have affected approximately 66% of the internet.

Security blogger Bruce Schneier describes the issue as “Catastrophic” and on “the scale of 1 to 10, this is an 11.” The flaw allowed servers to leak server memory to a malicious attacker, allowing hackers to extract login/password and other private data from a server. Users are recommended to change their passwords on all services that may have been affected. Washable provides a list of services where you should change your password. Fortunately, MacRumors Forums was unaffected by the security flaw.



from MacRumors: Mac News and Rumors – All Stories http://ift.tt/1qA4U11
via IFTTT