Heartbleed and Apple

As you may have heard by now, the Heartbleed bug is affecting internet sites around the world. Unlike most notices like this, it’s not a virus or a worm. Heartbleed is security bug in the open-source OpenSSL library, which is widely used on the internet for security protocols. It was fixed on April 7, 2014, at the same time as Heartbleed was publicly disclosed. Unfortunately, many sites using the problematic OpenSSL had not updated yet.

If you are worried about your Mac, OS X has never shipped with the vulnerable version of OpenSSL. If you are worried about your iTunes accounts, its mobile, desktop and Web services weren’t affected but Heartbleed. Going further, Re/code was able to get an official response from Apple:

“Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.’

Read more about Heartbleed and Apple on the Re/code blog.

UPDATE:
If you were worried about how this affected SMU campus systems, don’t; That being said, OIT still recommends you change your passwords. Here is an update from OIT:

OIT responded quickly to ensure all services were updated and any potential exposure was remediated. The security flaw was announced on Monday April 7. OIT reviewed all systems quickly and addressed each vulnerability as soon as a patch was available from the vendor. Of the systems remediated, there was a limited threat of exposure for SMU account login information. At this time, no compromises or suspicious activity from the vulnerability has been observed. We are encouraging individuals to reset all password (not just SMU) as the threat was widespread across a significant number of internet based services. As an advocate for the customer and a desire to help protect their data (SMU and personal), we felt strongly that it was our responsibility to err on the side of caution.

About Ian Aberle

Ian Aberle is the IT Communications Specialist and Trainer for the Office of Information Technology (OIT) at Southern Methodist University (SMU). He started at SMU in 1996 and for much of his career at the University had managed the SMU STAR Program before joining the Training & Communications Team in 2015. In his free time, Ian enjoys photography and road trips with his family. You can see examples of when the two collide at http://ianaberle.com.

This entry was posted in Mac News and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *