Apple Inc.’s (NASDAQ:AAPL) various operating systems, including both iOS and OS X, have thus far lived up to their carefully cultivated reputation for invulnerability as the Heartbleed bug exacts a toll on Windows machines. Heartbleed is a bug that has been latently present in OpenSSL and Lastpass security software for years, but which was only recently revealed for the massive hazard that it is. The vulnerability left vast swaths of data, including personal information, passwords, and credit card information, completely unprotected from anyone who was aware of the bug and had the technical knowhow to exploit it.
The relative rarity of competent hackers, and the hidden nature of the bug (which, though massive, was not widely known, explaining why it went unpatched for so long) explains why Heartbleed did not bring down the entire online financial and email system. However, those users operating Apple’s (AAPL) OS X and iOS were immune from this problem, unless some online scoundrel managed to backdoor a malicious program onto their computer through a website they visited. In practice, this meant very few Apple users were injured by the bug.
Instead of OpenSSL, Apple Inc. (AAPL) encrypts its data using SecureTransport. Computers and mobile devices running systems from the Apple ecosystem were immune to the flaw, as was about 1/3 of the Internet, according to Re/Code. Of course, representatives of the Cupertino firm were quick to trumpet this advantage, thus ignoring the similar if slightly smaller-scale SSL/TLS bug which made OS X and iOS machines vulnerable in February, while Windows machines were immune.
BlackBerry’s products were all made vulnerable to some degree by the Heartbleed bug, as was the Android mobile OS. This means that tens of millions of smartphones were exposed to potentially compromising actions, but that the iPhone was not among them – a feather in Apple’s cap regardless of earlier, separate lapses. Many sites using OpenSSL have not yet been patched against the flaw, though as noted by BlackBerry, actually exploiting the glitch is “non-trivial.”
Though certainly not flawless, and with noted flaws of its own, Apple (AAPL) has been proven to be more secure in relative terms than its rivals. Part of this is due, of course, to the fact that more devices use Windows and Android, and thus there are more places where a flaw can occur. Windows is also used on many different platforms, while Apple uses iOS and OS X only on its own machines, enabling far stricter control over implementation.
But regardless, Apple’s operating systems have proven to be objectively tougher nuts to crack, and its security engineers have been once again proven worth their pay.
