Skip to main content

Apple says Heartbleed security flaw did not affect its software or services

With an estimated half a million sites vulnerable to the “Heartbleed” vulnerability revealed earlier this week, which allows an attacker to access user details of websites previously believed to be secured by industry-standard SSL/TLS, your favorite social networks, stores, and other services around the web could potentially be handing out your password or other personal information to anyone who exploits the issue.

The bug exists in a library called OpenSSL, which is an open-source SSL implementation that many—but not all—web services use to secure sensitive traffic. If a website you use is affected by the bug, your personal data could be given to just about anyone. Unfortunately, changing your password on an unsecure site won’t even help unless the site’s owners have installed a fix (because the attackers can simply exploit the bug again to get your new password).

This serious issue affects a number of high-profile sites, but it seems your Apple ID is safe. Today, Apple gave the following statement to Re/code:

“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected.”

We used a tool for testing a site for the vulnerability that was released earlier this week, and can confirm that both apple.com, the various iTunes servers used for hosting Apple’s stores, and WordPress.com (the hosting system used for 9to5Mac and 9to5Google) are secure. Users running a web service powered by OS X 10.8 or 10.9 were also unaffected by this bug, as the server builds of those operating systems use the same (safe) encryption libraries as the consumer versions.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. thejuanald - 11 years ago

    That’s good to hear, nice job Apple

  2. frostie4flakes - 11 years ago

    Well, good news for my Apple stuff, but what about my Amazon Account? Oops I guess “Purchase with your Amazon Account” has a whole new meaning. Apple using iTunes as the basis of a “middleman” secure funds program got a whole lot more interesting. They start that program going in China with Alibaba and they’ll flip a lot more cash than Amazon processing those ¥

  3. This is one of the reasons i love apple products

  4. Grzegorz Zdanowski - 11 years ago

    Well … goto fail :)

  5. Fake Sound (@Secrxt) - 11 years ago

    Yeah, they’re not silly enough to use OpenSSL. Apple, to my knowledge, uses its own encryption algorithms for just about everything.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications