View Single Post
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 16,617
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: 2012 MBP, Black speakers, Black Benq second monitor, black(ish) iPhone 5s, Black 2012 iPad, etc.

chas_m is offline
Quote:
Originally Posted by vansmith View Post
Call me a skeptic but until there's evidence that these groups don't use OpenSSL, I'm inclined to believe that they do. However, this doesn't necessarily mean that they're affected for they could be running unaffected version.
"Apple has said its operating systems, OS X and iOS, as well as web services including iTunes and iCloud, which are used by millions of users and generate millions of transactions per day, never used the vulnerable OpenSSL implementation."

Emphasis mine, but that seems pretty clear-cut to me.

Addendum: the latest version of Mavericks, on an unmodified system, reports it is equipped with version 0.9.8y, last updated 5 Feb 2013 (your date might vary). Of course you're not normally using OpenSSL at all (on a users' end) unless you've set up a web server, and even then it appears you are unaffected. To me this lends credence to Apple's contention that OS X has never used the vulnerable OpenSSL implementation, at the very least.
QUOTE Thanks