Apple confirmed to Re/code that its key web services and both its mobile and desktop operating systems are not affected by the Heartbleed security flaw. The vulnerability, first reported by Web security firm Codenomicon, is present in OpenSSL encryption software, which is used by websites to secure user information.
More than two-thirds of websites on the Internet use the open-source software and are vulnerable to the flaw, which allows others to eavesdrop on website communications as well as steal data from services and users. An Apple spokesperson confirmed that the company never used the vulnerable software in its products.
“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected,” an Apple spokesperson told Re/code.
Security expert Bruce Schneier said in a blog post that the Heartbleed flaw was “catastrophic,” writing that “On the scale of 1 to 10, this is an 11.” Schneier and other security experts are advising users to change their passwords for sites that have been affected by this flaw, but to wait until the site has updated its security software before doing so.
But as we reported earlier, even though Mac and iOS users are not directly affected, this is not necessarily good news: you’re still likely to be affected indirectly, as OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Check out our post to find out more details about the Heartbleed security flaw, and what steps you should take to protect yourself.