Old Apr 10, 2014, 03:56 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Confirms 'Heartbleed' Security Issue Did Not Affect Apple Software and 'Key Services'




Apple today released a statement to Re/code confirming that iOS, OS X and "key web services" were unaffected by the widely publicized security flaw known as Heartbleed which was disclosed earlier this week.
Quote:
"Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected," an Apple spokesperson told Re/code.
Heartbleed was a security flaw in the popular open-source software OpenSSL, which helps provide secure connections between clients and servers. Due to the ubiquity of OpenSSL, Heartbleed is believed to have affected approximately 66% of the internet.

Security blogger Bruce Schneier describes the issue as "catastrophic" and on "the scale of 1 to 10, this is an 11." The flaw allowed servers to leak server memory to a malicious attacker, allowing hackers to extract login/password and other private data from a server. Users are recommended to change their passwords on all services that may have been affected. Mashable provides a list of services where you should change your password. Fortunately, MacRumors Forums were unaffected by the security flaw.

Article Link: Apple Confirms 'Heartbleed' Security Issue Did Not Affect Apple Software and 'Key Services'
MacRumors is offline   1 Reply With Quote
Old Apr 10, 2014, 03:58 PM   #2
SMIDG3T
macrumors 65816
 
 
Join Date: Apr 2012
Location: England
Heardbleed? That's a new one.
__________________
iPhone 6 | 64GB | Space Grey | iOS 8.1

MacBook Pro w/ Retina display | Late 2013 Model | OS X Yosemite 10.10
SMIDG3T is offline   1 Reply With Quote
Old Apr 10, 2014, 03:58 PM   #3
dugbug
macrumors 6502a
 
Join Date: Aug 2008
Apple could not resist that zinger

Android apparently incorporated it. Ouch.
__________________
Doodle Dice iOS puzzle game: http://www.dyerware.com/forum/index....pic,194.0.html
The greatest iOS game in the world? Perhaps my friends. Perhaps.
dugbug is offline   19 Reply With Quote
Old Apr 10, 2014, 03:59 PM   #4
Revearti
macrumors member
 
Join Date: Oct 2011
Hail, Apple! Get your brag on!
Revearti is offline   10 Reply With Quote
Old Apr 10, 2014, 04:00 PM   #5
stukdog
macrumors 6502
 
Join Date: Oct 2004
Also did not affect those running web services on Mountain Lion and Mavericks:

https://twitter.com/ConsultantRR/sta...27858078814208

Last edited by stukdog; Apr 10, 2014 at 04:23 PM.
stukdog is offline   10 Reply With Quote
Old Apr 10, 2014, 04:01 PM   #6
ka-spot
macrumors 6502
 
Join Date: May 2012
terrific

I always knew that my money wasn't spent on the wind.
__________________
ka-spot is offline   4 Reply With Quote
Old Apr 10, 2014, 04:01 PM   #7
Derekeys
macrumors member
 
Join Date: Sep 2012
Location: Philadelphia, PA
Shocked
Derekeys is offline   1 Reply With Quote
Old Apr 10, 2014, 04:01 PM   #8
SILen(e
macrumors regular
 
Join Date: Oct 2012
Their statement contained a bit of marketing blahblah.

It's not important that Apple takes security very seriously and it doesn't even matter in this case - nobody (maybe except for the NSA^^) knew about this issue, so there wouldn't have been anything Apple could have done.
SILen(e is offline   13 Reply With Quote
Old Apr 10, 2014, 04:03 PM   #9
BornAgainApple
macrumors 6502
 
Join Date: Jun 2009
Location: Massachusetts
This is what a Walled Garden gets you
BornAgainApple is offline   19 Reply With Quote
Old Apr 10, 2014, 04:05 PM   #10
Merode
macrumors 6502
 
Join Date: Nov 2013
Location: Warszawa, PL
To people above me: right - remember SSL issue from not long ago?
The garden is walled, except for holes found from time to time.

Last edited by Merode; Apr 11, 2014 at 02:33 AM.
Merode is offline   11 Reply With Quote
Old Apr 10, 2014, 04:08 PM   #11
epic-retouching
macrumors member
 
Join Date: Jan 2014
I always knew in the event of skynet or an apocalypse Apple computers would be the only ones running hahaha. That would show the haters who are the real idiots.
epic-retouching is offline   3 Reply With Quote
Old Apr 10, 2014, 04:09 PM   #12
petsounds
macrumors 65816
 
Join Date: Jun 2007
Quote:
Originally Posted by SILen(e View Post
It's not important that Apple takes security very seriously and it doesn't even matter in this case - nobody (maybe except for the NSA^^) knew about this issue, so there wouldn't have been anything Apple could have done.
Not exactly. OpenSSL has gotten a lot of flak in the past for being a shoddy library. There are plenty of security researchers who've looked through the code and said it's a mess. So perhaps Apple knew to stay away where possible. In other cases, it was a lucky accident that they pinned OpenSSL on OS X to the older 0.9.8 which wasn't vulnerable.

Either way, it's a PR win for Apple, especially compared to Android which is vulnerable. And you can bet that many of the old versions of Android people are running will never get patched by carriers.
petsounds is offline   14 Reply With Quote
Old Apr 10, 2014, 04:09 PM   #13
dugbug
macrumors 6502a
 
Join Date: Aug 2008
Quote:
Originally Posted by Merode View Post
To people above me: right - remember SSL issue from not long ago?
The garden is walled, except for wholes found from time to time.
This one is a doozy
dugbug is offline   3 Reply With Quote
Old Apr 10, 2014, 04:10 PM   #14
robeddie
macrumors 6502a
 
Join Date: Jul 2003
Location: Atlanta
Quote:
Originally Posted by Merode View Post
To people above me: right - remember SSL issue from not long ago?
The garden is walled, except for wholes found from time to time.
wholes?

hmm, I'm gonna think about that while I enjoy my hore.
__________________
Life is a sexually transmitted disease, with a 100% fatality rate.
robeddie is offline   15 Reply With Quote
Old Apr 10, 2014, 04:13 PM   #15
longofest
Editor emeritus
 
 
Join Date: Jul 2003
Location: Falls Church, VA
Quote:
Originally Posted by dugbug View Post
Android apparently incorporated it. Ouch.
That's because Android is based on Linux, and OpenSSL is part of almost every Linux distro out there. It's hard to fault Google/Android for using OpenSSL.

The whole situation really just sucks all around. I don't think anyone is exaggerating when they say that 2/3 of internet facing websites use OpenSSL.
__________________
Never falling under anyone's Reality Distortion Field: Tech Perfect
longofest is offline   4 Reply With Quote
Old Apr 10, 2014, 04:17 PM   #16
Jessica Lares
macrumors 604
 
 
Join Date: Oct 2009
Location: Near Dallas, Texas, USA
I'm just glad that Apple even commented. Still waiting on my bank and credit card companies to say anything...
__________________
Have You Hugged Your Mac Today?
Daily Expressions | iMac G4 | Late 2011 13" MacBook Pro | iPod Nano (7G) | iPad Mini | iPod Touch (5G) | iPhone 5S
Jessica Lares is offline   7 Reply With Quote
Old Apr 10, 2014, 04:19 PM   #17
SchneiderMan
macrumors 604
 
 
Join Date: May 2008
Location: Apple state
Quote:
Originally Posted by robeddie View Post
wholes?

hmm, I'm gonna think about that while I enjoy my hore.
I agree holeheartedly.
__________________
Gdgtmac.com // TheGearGrid.com <Featuring The Best In Tech
SchneiderMan is offline   7 Reply With Quote
Old Apr 10, 2014, 04:20 PM   #18
AppleInLVX
macrumors 6502a
 
 
Join Date: Jan 2010
Location: Kitchener, Ontario, Canada
Forgive my ignorance, but does this mean that all of Apple's online services are okay, or that using an apple device of any sort then also makes your data safe regardless of where you browse? If the latter, then way cool.
__________________
27" iMac mid-2010; iPhone 6; iPod Touch--4th Gen, 1st Gen, Nano 2011, Classic 2008; TV 3; iPad Air.
AppleInLVX is offline   2 Reply With Quote
Old Apr 10, 2014, 04:22 PM   #19
Northgrove
macrumors 6502a
 
Join Date: Aug 2010
Quote:
Originally Posted by BornAgainApple View Post
This is what a Walled Garden gets you
Whether they use OpenSSL or not for SSL doesn't have anything to do with being a walled garden.
__________________
iPhone 5 rMBP 15" (2012)
Northgrove is offline   6 Reply With Quote
Old Apr 10, 2014, 04:22 PM   #20
Jedibugs
macrumors newbie
 
Join Date: Mar 2012
That's good. You know if Apple had been affected, all the headlines would be reading "Apple's Security Failure"
Jedibugs is offline   19 Reply With Quote
Old Apr 10, 2014, 04:23 PM   #21
Razeus
macrumors 68040
 
Join Date: Jul 2008
Proof that Apple is more secure than Android or Windows. This should shut those boys up.
Razeus is offline   6 Reply With Quote
Old Apr 10, 2014, 04:24 PM   #22
hofer
macrumors member
 
Join Date: Aug 2006
Key Services???

Apple is being vague about this.

What is the definition of "key services"?

It would have been nice if they had come out and stated that the iTunes store, the Apple store, and iCloud were not affected. One would assume that those are key services, but who knows?
hofer is offline   3 Reply With Quote
Old Apr 10, 2014, 04:29 PM   #23
SlCKB0Y
macrumors 68020
 
Join Date: Feb 2012
Location: Sydney, Australia
Do you know why Apple services and products were not affected? Pure dumb luck.

Apple is just lazy - they keep their BSD subsystem ridiculously outdated:

Quote:
mbp:~ user$ openssl version
OpenSSL 0.9.8y 5 Feb 2013
Although 0.9.8y was released earlier this year, it was a minor point release for a major version of SSL originally released in 2005.
__________________
Late 2011 13" Macbook Pro, 256GB SSD, 16GB RAM  Mid 2013 13" Macbook Air, 120GB SSD, 4GB RAM  Late 2012 Mac Mini, i7, 240GB SSD, 8GB RAM  4th Gen WiFi iPad 16GB  Nexus 7 (2012) 16GB  Nexus 5 16GB
SlCKB0Y is offline   9 Reply With Quote
Old Apr 10, 2014, 04:31 PM   #24
DaveN
macrumors 6502
 
Join Date: May 2010
Quote:
Originally Posted by Razeus View Post
Proof that Apple is more secure than Android or Windows. This should shut those boys up.
It won't. Face it. Fandroids are robots.
DaveN is offline   8 Reply With Quote
Old Apr 10, 2014, 04:32 PM   #25
Henriok
macrumors regular
 
Join Date: Feb 2002
Location: Gothenburg, Sweden
Quote:
Originally Posted by SlCKB0Y View Post
Do you know why Apple services and products were not affected? Pure dumb luck.
Or it could be that newer versions of this software don't include anything that Apple deems useful. Don't fix what's not broken.
Henriok is offline   3 Reply With Quote
