

Apple Says iOS, OS X and “Key Web Services” Not Affected by Heartbleed - epo
http://recode.net/2014/04/10/apple-says-ios-osx-and-key-web-services-not-affected-by-heartbleed-security-flaw/

======
Tloewald
Oddly enough, I've had a lot of trouble getting my AppleTV to connect to
iTunes services for the last 24h or so. I wonder if there might be some
vulnerabilities being patched.

------
Touche
Article is not very informative. If they don't use OpenSSL what do they use?

~~~
kalleboo
SecureTransport
[https://developer.apple.com/library/mac/documentation/securi...](https://developer.apple.com/library/mac/documentation/security/Reference/secureTransportRef/Reference/reference.html)

Remember "Goto fail?"

~~~
ytch
Yes, they are developing their own SSL library, so "Goto fail" didn't affect
OpenSSL, too.

------
platinumdragon
"Sites that use OpenSSL will display a small “lock” icon in the top left-hand
corner of your Web browser’s address bar (though not all sites showing this
lock use OpenSSL);"

This sentence physically hurt to read. I seriously hope that Google Translate
wrote this.

~~~
ahassan
I stopped reading at that line.

------
furyg3
“Apple takes security very seriously. IOS and OS X never incorporated the
vulnerable software and key Web-based services were not affected,”

This makes it sound like they knew about the vulnerabilities, which they
didn't...

~~~
platinumdragon
That was exactly their implication. "We don't go for that open source crap" is
a motto of theirs. Usually it's just obnoxious. This time, they just happened
to blindly fall on the right side of the line.

~~~
rsynnott
Er, you realise that Apple's own OpenSSL substitute is open source? And that
they both use and release lots of open source software?

Are you thinking of Microsoft circa 2000, or something?

