Filip Novotny The highly widespread Heartbleed software bug, which is arguably the biggest Internet risk at the moment, reportedly does not affect Apple's servers. This security hole affected up to 15% of the world's most visited websites, but users of iCloud or other Apple services need not fear. He said it's a US server Re / code.
“Apple takes security very seriously. Neither iOS nor OS X ever contained this exploitable software, and key web services were not affected," Apple told Re/code. Thus, users should not be afraid of logging into iCloud, the App Store, iTunes or iBookstore, or shopping at the official e-shop.
Experts recommend using different, sufficiently strong passwords on individual websites, as well as storage software such as 1Password or Lastpass. Safari's built-in password generator can also help. Apart from these measures, it is not necessary to take any further steps, as Heartbleed is not a classic virus that would attack client devices.
It is a software bug in the OpenSSL cryptographic technology used by a large part of the world's websites. This flaw allows an attacker to read the system memory of the given server and obtain, for example, user data, passwords or other hidden content.
The Heartbleed bug has been around for several years, first appearing in December 2011, and the developers of the OpenSSL software learned about it only this year. However, it is not clear how long the attackers knew about the problem. They could choose from a large portfolio of websites, namely Heartbleed resided on the entire 15 percent of the most popular ones.
For a long time, even such servers as Yahoo!, Flickr or StackOverflow were vulnerable. The Czech websites Seznam.cz and ČSFD or Slovak SME were also vulnerable. Currently, their operators have already secured a large part of the servers by updating OpenSSL to a newer, fixed version. You can find out if the websites you visit are safe using a simple online test the test, you can find more information on the website Heartbleed.com.
I don't know how using strong passwords is related to the Heartbleed problem. A strong password can be obtained with this vulnerability as well as a weak one.
Furthermore, to claim that the servers are not secure is pretty stupid. How should servers protect against an unknown error? The servers were vulnerable.
Apple claims it did not use this hackable software. So it either uses older OpenSSL, but doesn't use OpenSSL at all. Not that it has better security.
OpenSSL is not the only SSL implementation. For example, Microsoft also does not use OpenSSL.
As far as I know, Apple doesn't use its own SSL solution, so it's highly likely that it uses the OpenSSL library