Mac Security: OS X Immune to OpenSSL Heartbleed Bug [u]
OMG, stop using the internet for shopping and banking because it’s not secure! Meh. According to a knowledgeable source, the client and server versions of OS X aren’t susceptible to the OpenSSL Heartbleed security issue.
Apple gets a lot of deserved grief for being slow in adopting industry standards. For example, while OpenGL 4.4 has been out for nearly a year, OS X Mavericks only supports OpenGL 4.1, which limits the availability and performance of games on the Mac.
It’s a bad thing.
However, here is an example of Apple not supporting an industry standard that has resulted in a good thing. Because OS X doesn’t use OpenSSL, Macs are immune to the problem.
According to Damien Barrett, a Mac IT Pro and former TUAW blogger, those of us who run OS X and OS X Server can breathe a bit easier:
PSA: No versions of OS X or OS X Server are affected by the OpenSSL Heartbleed bug, because the last version shipped by Apple in an OS was 0.9.8y, which is a branch not affected by this bug. So unless you’ve installed OpenSSL via MacPorts or Homebrew, your public-facing OS X servers/services should be immune to this bug.
That said, [u] iMore’s Peter Cohen adds that Apple doesn’t like OpenSSL and hasn’t implemented in some time (ie since v0.9.8y).
And, for that matter, Apple’s iOS doesn’t use OpenSSL either. So, no worries there either.
But, whereas Macs and iPhones are safe, according to Cohen, your data might not be:
[u]I can’t overemphasize this: your Apple device may be safe, but your encrypted data may not be. This is a very big deal because it affects many of the web sites and other Internet services you use. If the service uses OpenSSL to help manage the flow of encrypted data, it may be at risk.
So, Apple guys and gals, your Macs and iThings are safe, but your data might not be…
What’s your take?