Apple released a statement Thursday saying that iOS, OS X, and “key web services” are not affected by Heartbleed – an exploit targeting a vulnerability in a service within OpenSSL known as Heartbeat. Heartbleed has the potential to expose security keys in encrypted online services and it was called a threat of “11” on a scale of 1 to 10 by Security researcher and writer Bruce Schneier.
“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.
Security experts have reminded users to update passwords across any sites that may have been affected, but only after the companies have updated their security software.
It has also been suggested that people start using password management tools like Lastpass, 1Password and Apple’s own Safari Browser password generator in order to keep track of multiple passwords across various accounts, rather than using one single password phrase for every account.
