Thread: Apple Claims iOS, OS X and Its Key Web Services Aren't Affected by Heartbleed Security

  1. #1
    Akshay Masand


    A statement was released recently by Apple saying that major operating platforms OS X, iOS, and some Web services were not affected by the immense “Heartbleed” security flaw that was found earlier this week. According to Re/code, Apple has confirmed that their services and systems are mainly untouched by the SSL (secure sockets layer) bug, dubbed “Heartbleed.” Heartbleed is a bug found in open source software that could have exposed personal information and passwords of millions of users.

    The spokesperson has stated the following:

    “Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected.”

    News of the bug hit earlier in the week, and the flaw was found in the OpenSSL implementation of the TLS/DTLS heartbeat extension. When used, client-to-server and server-to-client cached memory is leaked. MITRE has officially named the bug as CVE-2014-0160.

    The bug allows anyone on the Internet to read the memory of systems that are protected by vulnerable versions of OpenSSL software, including the secret keys websites use to encrypt traffic, according to Heartbleed.org. Illegal users can gather usernames and passwords to spy on communications and steal information from affected services.

    Facebook, Google, and other major websites have already executed fixes for the bug, but security researchers still ask users to change their passwords since at one point, the websites weren’t patched.

    Source: Re/code

    Twitter: @AkshayMasand

  2. #2
    I was told that OSX once included Apache webserver enabled by default with a test page on every machine. Apache definitely uses OpenSSL, which is why something like 67% of all sites do. The vulnerability has been part of OpenSSL since 2012 or late 2011, so I guess the Apache thing was before then?

  3. #3
    davesnothere11

    So if I go to https://revoked.grc.com/ I see that Safari on my iPhone (iOS 7.0.6, jailbroken) does not check for revoked certs. That is not a good thing at all.
