The company has confirmed that its OS X and iOS devices as well as “key web services” are not affected by the gaping security flaw.
Apple users can breathe a sigh of relief: they won’t be affected by the Heartbleed bug.
OpenSSL, the encryption protocol that the flaw impacts, is a set of encryption software used to protect user information, its widely used, which is why the flaw puts two-thirds of the internet at risk. Websites that use SSL display a lock icon in the browser’s address bar so users can expect data security.
Since word about the flaw broke, it has ruffled quite a few feathers in the ranks of web security companies. Bruce Schneier, a security expert, called Heartbleed “catastrophic” in a blog post, he wrote that “On the scale of 1 to 10, this is an 11.” Since then most major web companies have worked hard to patch the flaw, though some of them admitted that there was a window in which their services were open to Heartbleed. Facebook, Google and Yahoo have all made this admission.
In a statement provided to Re/code, an Apple spokesperson confirmed that iOS and OS X “never incorporated the vulnerable software” and that important web based services were also not affected. This should put users at ease, though some might want to take preemptive measures any way because even if they weren’t open to it on Apple’s devices, it likely that their data might have been susceptible on any other service like Facebook or Google.
The best thing to do now that the dust around Heartbleed has settled is to change passwords. It might be a chore given the vast variety of online services being used today, but its important nonetheless, particularly if you use a single password for multiple online services.