iCloud and HeartBleed security issue

Are the iCloud servers ok with respect to the heartbleed security issue? Is our applemail on icloud ok? Is data stored on iCloud ok? Are our iCloud backups ok?

MacBook Pro with Retina display, OS X Mavericks (10.9.2)

Posted on Apr 10, 2014 1:02 AM

6 replies

Apr 10, 2014 2:46 AM in response to _TC10_

Yes, yes, yes and yes. The problem was apparently patched some time back. You could change your password anyway to be sure on the very low chance that someone hacked it before the problem was fixed (if you've changed it recently don't bother). If you do this, turn off 'Find My iPhone/iPad/Mac' on any devices you have it set up on or you will run into problems. You will need to sign out and sign back in on all your devices.


You can test a server at https://www.ssllabs.com/ssltest/

Apr 10, 2014 1:08 PM in response to Roger Wilmut1

Unfortunately, another of the popular testing servers:

https://lastpass.com/heartbleed/


reports "www.icloud.com" as "likely vulnerable" (as of this date and time):


Site:www.icloud.com

Server software:Apache

Vulnerable:Likely (known use OpenSSL)

SSL Certificate:Unsafe (created 12 months ago at Apr 24 00:00:00 2013 GMT)

Assessment:Wait for the site to update before changing your password


For "icloud.com" you get this result:


Site:icloud.com

Server software:Apache

Vulnerable:Likely (known use OpenSSL)

SSL Certificate:Unsafe (created 2 years ago at Jul 18 00:00:00 2012 GMT)

Assessment:Wait for the site to update before changing your password


With conflicting results like these, it's hard to both take and give advice.

Apr 11, 2014 5:30 AM in response to MadMacs0

Not to quibble, but at this writing, this is not actually the case - Apple didn't "release a statement." An unnamed "spokesperson" told a writer at recode.net that "Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key web-based services were not affected."


http://recode.net/2014/04/10/apple-says-ios-osx-and-key-web-services-not-affected-by-heartbleed-security-flaw/


If someone is really a spokesperson, I'd expect there would be a name attached to an official communication, and the recode.net reporter, Mike Isaac, didn't name anyone. There's nothing from Apple in the Hot News section of their web site, which is where I'd expect to see an official statement. Search the web for that quote, and everything links back to the recode.net story.


The substance of what Isaac reported may indeed be true, but Apple didn't release a statement.

Apr 11, 2014 11:56 PM in response to _TC10_

As you have observed, Apple apparently doesn't even respond directly to the press, so I doubt that they would give you a satisfactory answer any time soon.


All of the sites I've been monitoring are now showing Apple as safe (based apparently on the aforementioned recode.net report). I would certainly feel much better if I got an e-mail directly from them telling me it was safe to use all my Apple accounts, but I'm not holding my breath.
