Aple confirmed to Re/Code that its key web services and both its mobile and desktop operating systems are not affected by the Heartbleed security flaw. The vulnerability, first reported by Web security firm Codenomicon, is present in OpenSSL encryption software, which is used by websites to secure user information. More than two-thirds of website on the Internet use the open-source software and are vulnerable to the flaw that allows others to eavesdrop on website communications as well as steal data from services and users. An Apple spokesperson confirmed that the company never used the vulnerable software in its products. “Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected,” an Apple spokesperson told Re/code. Security expert Bruce Schneier said in a blog post that the Heartbleed flaw was “catastrophic,” writing that “On the scale of 1 to 10, this is an 11.” Schneier and other security experts are advising users to change their passwords to sites that have been affected by this flaw, waiting until the site has updated its security software. You can view a list of affected sites on this list provided by Mashable and can check sites manually using this online tool at http://ift.tt/1kkYl58. Continue reading
from iPhone Hacks | #1 iPhone, iPad, iOS Blog » iPhone 4 Camera Beats HTC EVO 4G, Samsung Galaxy, Droid X In Showdown
No comments:
Post a Comment