It’s been confirmed by Apple that its “key web services”, including iOS, OS X, and iCloud have not been affected by the Heartbleed security flaw.
The company made its announcement on Thursday April 11 – four days after the software bug was revealed. An Apple spokesperson said “Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key web-based services were not affected.”
Apple’s reassurance comes as other major operators including Google, Yahoo (which includes Tumblr and Flickr) and Facebook have had to patch the flaw, and in some case advise users to change their passwords.
The flaw was found in OpenSSL – the software used by two-thirds of all web services to encrypt online information.
The impact has seen about half a million web servers affected – or 17% of the internet, in what websites likeĀ Ars Technica has called “Catastrophic”.
Do I need to change my password?
Reports, and recommendations have been conflicting. Google have said Gmail users don’t need to at all, while some have said if a site is slow to patch the bug, changing it too soon could do more harm than good.
Or, this may simply be an opportunity to refresh your passwords. However, if you wish to base it on whether the site you use is likely affected, enter the URL into the Heartbleed Test here.