No worries. Its clear. All input was very helpful.
Apple has no fix expected.
Apple is secure as always. 🙂
It is one of the many reasons I use Apple laptops for development.
(Though I wish my MacBook Pro had way more RAM like 64GB or 128GB).
Apple is missing an opportunity, though.
This situation is actually a perfect time for Apple to brag about its security, by identifying that Heartbleed does not affect normal Apple users, unless the access a vulnerable site. And that developers are only at risk if the open source projects pull in OpenSSL 1.0.1 or 1.0.2beta. Easy to do and great for Apple's reputation.
Consumers would hear "Apple good" and "World scary".
Like any dangerous event, the Heartbleed alarm in the various communities is a little bit like yelling fire in the theater and management's response after.
People have to be sure the alarm is false or does not affect them.
If management speaks up, the problem is over.
If management does not, then all the individuals run around avoiding the problem or assessing the problem for themselves. The latter is less efficient and more stressful.
I spent serveral hours figuring out where I had to look to determine the scope and risk.
All of the answers above, were very helpfull and reduced the scope of my effort.
Thanks for all the input.
There was no formal statement from Apple clarifying the issue. (At least none I could find)
In fact some of today's security announcements (3pm 4/8/14) had complained that Apple
had not responded to emails.
Apple is not responsible for responding to all emails.
And not all posts, even on stack overflow, are accurate.
But in certain scenarios, a communication event is beneficial.
It woud have saved me hours, this community thread, the time of all who contributed here, and the time of all who read here.
BTW: Mcafee scans sites and can assess risk while you are browsing, but the local virus detection is not as good as others.
BTW: Has anyone checked this site for the SSL version? 🙂 (joke)
Cheers!
Rich
