How Apple avoided ‘Heartbleed’

Earlier this month, the "Heartbleed" computer bug became big news and everyone who goes online was encouraged to check their systems to see if they were affected. Two-thirds of the internet was susceptible. As we reported, the Mac and iOS platforms, run by Apple were not at risk.

According to a recent article from Apple Insider, the organization was able to avoid this massive security breach because of a decision it made back in June 2011 to deprecate OpenSSL — the platform that is at the center of Heartbleed.

Before that, the company had been using both OpenSSL and Common Data Security Architecture (CDSA) in its development of Mac OS X and later, iOS. However, the company started to notice potential security concerns in both platforms and in 2011 unveiled its own security software.

"Although OpenSSL is commonly used in the open source community," Apple stated in its documentation. "OpenSSL does not provide a stable API from version to version. For this reason, although OS X provides OpenSSL libraries, the OpenSSL libraries in OS X are deprecated, and OpenSSL has never been provided as part of iOS. Use of the OS X OpenSSL libraries by apps is strongly discouraged."

It goes on to say that OpenSSL lacks a stable API from version to version that relates to the complications of trying to update or patch security flaws in the open source software. This is exactly the problem that is currently being felt across the landscape.

With the help of an Apple support service, any company can deploy the latest Mac solutions and rest easy knowing Heartbleed will be kept in check.