How Apple dodged the Heartbleed bullet - When it announced plans to deprecate OpenSSL in June 2011, Apple wasn't aware of the Heartbleed flaw because it didn't yet exist. However, the company was aware of other problems with OpenSSL (libcrypto), a security toolkit Apple began using within the Common Data Security Architecture more than a decade ago.
OK, fair enough. But go ahead and try creating a fresh implementation of SSL without the source code from OpenSSL as a reference.
Labels: heartbleed, security
Post a Comment