Apple says iOS, OS X, iTunes and iCloud not affected by Heartbleed OpenSSL bug

Advertisement
By NDTV Correspondent | Updated: 11 April 2014 14:24 IST
The Heartbleed bug, which came to light this week, is a massive security vulnerability that affects the encryption framework used by about two-thirds of the world's Web servers, leaving users' passwords and confidential information potentially available to malicious attackers. Since its disclosure, major Web companies have been scrambling to patch their infrastructure and assess the extent of their liability.

While major Web services including Facebook, Dropbox, Yahoo, Amazon and multiple Google offerings are now known to have been vulnerable prior to the disclosure of the bug. Apple has now told tech industry news site Re/code that its products and services were not affected by the bug. Apple has said its operating systems, OS X and iOS, as well as web services including iTunes and iCloud, which are used by millions of users and generate millions of transactions per day, never used the vulnerable OpenSSL implementation.

The OpenSSL Heartbleed bug is being described as one of the most serious security problems to ever affect the Internet. It is not known whether malicious "black hat" hackers were aware of the bug and were exploiting it before security workers were aware of the need to patch it.

Heartbleed allows attackers to send commands to a server which result in it sending small portions of the system memory back to the attacker, unencrypted. Many of these snippets of data could be combined to reveal critical information stored in the memory, including top-level encryption keys and actual user data such as passwords and the contents of messages. With access to such keys, the attackers could then decrypt any information flowing to or from that server, without anyone realising.

Web users are advised to change all passwords, since the worst-case scenario that information has already leaked out, and millions of existing SSL certificates are useless, is completely plausible. In addition to attackers usually motivated by profit, global security agencies that have been in the news for monitoring private communications, are also likely to have been interested in the potential for data gathering using the Heartbleed bug.
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Apple, Dropbox, Facebook, Gmail, Google, Heartbleed, OpenSSL, Yahoo, internet security, security
Facebook leading women to eating disorders: Survey
Amazon to buy digital comics company comiXology
Advertisement

Related Stories

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Realme GT 8, Realme GT 8 Pro With Ricoh GR Optics Launched: See Price
  2. OnePlus 15 Battery Capacity, Charging Speed Teased Days Ahead of Launch
  3. iQOO 15 Launched With Snapdragon 8 Elite Gen 5, 50-Megapixel Cameras
  4. BSNL Samman Plan For Senior Citizens Announced at This Price
  5. Sony WH-1000XM6 Review: The Best Just Got Better
  6. DeepSeek-OCR Could Change How AI Reads Text From Images
  7. Redmi K90 Pro Max Key Features Revealed Ahead of Launch on October 23
  8. Jio Adds JioCloud Storage to Business Broadband Plans in India: See Price
  9. OnePlus 15 India Launch Teased; Key Features Revealed Ahead of Launch
  10. Poco F8 Ultra Listing on NBTC Certification Site Hints at Imminent Launch
#Latest Stories
  1. Baai Tujhyapayi OTT Release Date Revealed: Know Everything About Streaming, Plot, Cast, and More
  2. OnePlus 15 Launch in India Teased via Microsite; Company Reveals Key Features Ahead of China Debut
  3. BSNL Samman Plan Announced For New Senior Citizen Users: Price, Benefits
  4. Daksha: The Deadly Conspiracy Is Streaming Now: Know All About This Mohan Babu, Lakshmi Manchu Starrer
  5. Vivo Led Market as Smartphone Shipments in India Rose 3 Percent YoY in Q3 2025: Omdia
  6. DeepSeek-OCR Open-Source AI Model Changes How AI Models Read and Process Plain Text
  7. Vivo X300 Pro, Realme GT 8 Pro and Poco Pad M1 Listed on TDRA Site, Could Launch Soon
  8. Poco F8 Ultra Listing on NBTC Certification Website Hints at Imminent Launch
  9. Diwali Blackout: How the AWS Outage Crippled Major Apps Across the World
  10. WhatsApp Blocks AI Firms From Offering Chatbot Access via WhatsApp Business API
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.