View Single Post
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 17,528
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: Mid-2012 MBP (16GB, 1TB HD), BenQ second monitor, iPhone 5s 32GB, iPad Air 2 64GB

chas_m is offline
Quote:
Originally Posted by vansmith View Post
Call me a skeptic but until there's evidence that these groups don't use OpenSSL, I'm inclined to believe that they do. However, this doesn't necessarily mean that they're affected for they could be running unaffected version.
"Apple has said its operating systems, OS X and iOS, as well as web services including iTunes and iCloud, which are used by millions of users and generate millions of transactions per day, never used the vulnerable OpenSSL implementation."

Emphasis mine, but that seems pretty clear-cut to me.

Addendum: the latest version of Mavericks, on an unmodified system, reports it is equipped with version 0.9.8y, last updated 5 Feb 2013 (your date might vary). Of course you're not normally using OpenSSL at all (on a users' end) unless you've set up a web server, and even then it appears you are unaffected. To me this lends credence to Apple's contention that OS X has never used the vulnerable OpenSSL implementation, at the very least.
QUOTE Thanks