“Apple said Thursday that its mobile, desktop and Web services weren’t affected by a major flaw in a widely used set of Web security software that could have affected hundreds of thousands of websites,” Mike Isaac reports for Re/code.
“The flaw, codenamed ‘Heartbleed’ and first reported by Web security firm Codenomicon, was discovered in a technology called ‘OpenSSL’ — a set of encryption software used by Web companies to safeguard user information,” Bort reports. “Sites that use OpenSSL will display a small ‘lock’ icon in the top left-hand corner of your Web browser’s address bar (though not all sites showing this lock use OpenSSL); the technology is used on more than two-thirds of websites across the Internet.”
“‘Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,’ an Apple spokesperson told Re/code,” Bort reports. “Apple’s statement comes in the days after the disclosure rocked companies and Web security wonks across the world; security expert Bruce Schneier called Heartbleed “catastrophic” in a blog post this week. ‘On the scale of 1 to 10, this is an 11,’ he wrote.”
Read more in the full article here.
What to do about Heartbleed, a gaping security hole affecting 66 percent of the Internet (at least) – April 9, 2014