Apple Confirms Heartbleed Vulnerability Doesn’t Effect iOS, OS X, or ‘Key Web Services’


Apple released a statement Thursday saying that iOS, OS X, and “key web services” are not affected by Heartbleed – an exploit targeting a vulnerability in a service within OpenSSL known as HeartbeatHeartbleed has the potential to expose security keys in encrypted online services and it was called a threat of “11” on a scale of 1 to 10 by Security researcher and writer Bruce Schneier.

“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.

Major Internet firms scrambled to issue patches to fix the flaw in their Web services in the following days, but companies like Facebook, Google and Yahoo all admitted periods of time in which their services could have been susceptible to the Heartbleed flaw.

Security experts have reminded users to update passwords across any sites that may have been affected, but only after the companies have updated their security software.

It has also been suggested that people start using password management tools like Lastpass, 1Password and Apple’s own Safari Browser password generator in order to keep track of multiple passwords across various accounts, rather than using one single password phrase for every account.