Following the revelation that hundreds of thousands of websites are susceptible to attacks based on the “Heartbleed” flaw in OpenSSL, Apple told Re/code that its operating systems including iOS and OS X, as well as unnamed “key” web-based services are not affected by the hack.
“Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told the publication.
While Apple would not say what those key web services are, 9to5Mac says it tested apple.com and various iTunes servers that host Apple’s online stores using an online tool that checks for Heartbleed and all of them are secure. The publication added that users who rely on a server powered by OS X 10.8 or 10.9 to run a web service are also secure.
Heartbleed allows hackers aware of the issue to fish for user passwords on the sites affected by the security flaw. Changing the password will not fix the problem as long as the company doesn’t patch up the issue. This Chrome plugin should help you check out what sites are vulnerable to Heartbleed at the moment, with more and more companies securing their online services.