View Single Post
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 18,215
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
Quote:
Originally Posted by chas_m View Post
"Apple has said its operating systems, OS X and iOS, as well as web services including iTunes and iCloud, which are used by millions of users and generate millions of transactions per day, never used the vulnerable OpenSSL implementation."

Emphasis mine, but that seems pretty clear-cut to me.

Addendum: the latest version of Mavericks, on an unmodified system, reports it is equipped with version 0.9.8y, last updated 5 Feb 2013 (your date might vary). Of course you're not normally using OpenSSL at all (on a users' end) unless you've set up a web server, and even then it appears you are unaffected. To me this lends credence to Apple's contention that OS X has never used the vulnerable OpenSSL implementation, at the very least.
It's not that OS X & iOS don't have it/use it, it's that the services that Apple leverages might. For example, iCloud runs off of Linux boxes (source) which most likely do use OpenSSL in some fashion. In this way, Apple has likely indirectly leveraged OpenSSL along the way at some point since most of their web based services are managed by non-Apple platforms. It's pure speculation on my part but it's safe to say that, since 2/3 of the web is powered by it for cryptographic work (source), it's been involved at some point.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
QUOTE Thanks