Enabling good business
 

Not one Mac user suffers by ”heartbleed”

by Niklas Bendelius in Uncategorized

We wrote yesterday about “heartbleed” – the security hole that surrounds the OpenSSL and what it means for the services, features , and products that are connected to the Internet. Microsoft does not use the OpenSSL because servers based on Microsoft’s products do not need to be updated or corrected (unless the third party products such as the Apache Web server installed ) . Customers of Apple

usually complain to Apple for not always having the latest versions of various components based on open source.

But in this case, the running Mac be right grateful to Apple in Mac OS X 10.9 ”Mavericks” using version 0.9.8y from February 5, 2013 that does not have a heartbleed bug in their code.

This also means that earlier versions of Mac OS X are secure, and all latest version of each generation of Mac OS X and all available updates are installed. For example, Mac OS X 10.8.2 ”Mountain Lion” is affected by the problem, but Mac OS X 10.8.5 ”Mountain Lion” is safe when the package includes the Security Update 2013-004, which is also available for both Mac OS X 10.7.5 ”Lion”, the Mac OS X 10.6.8 ”Snow Leopard” in both client and server versions.

The version that is affected is the OpenSSL version 1.0.1 to 1.0.1f, where version 1.0.1 was released on March 14, 2012. The version 1.0.1g, which was released on April 7 this year, solves the problem with this bug.

Apple has no intend to release an update of OpenSSL for Mac OS X as they discourage third-party developers to make use of OpenSSL in their applications. OpenSSL is used not in iOS because there will be no update to this end there either.

Tags: , , , , , , , , , , , ,

Comments are closed.