The Heartbleed Bug is perhaps the biggest threat to the internet world. However, Apple’s policies helped it to completely circumvent the issues, threats and ramifications that arose out of popular sites being left vulnerable due to Heartbleed.
Apple had decided way back in the late 1990s to abandon OpenSSL. The Cupertino Company announced that it would deprecate OS X’s Common Data Security (CDS) Architecture which included OpenSSL. Apple had described OpenSSL as an “outdated relic” about 2.5 decades ago. Though the Heartbleed bug has come into the spotlight just now, it had surfaced merely three years after Apple had abandoned it.
Apple officially deprecated OpenSSL in 2011, without even being aware of the Heartbleed bug, because it hadn’t even surfaced back then. Apple chose to avoid OpenSSL because it felt the platform had multiple other faults. The most glaring problem was incompatibility of OpenSSL with ‘libcrypto’, Apple’s own security toolkit that it had started to use within the Common Data Security Architecture that the company had begun to adopt in the late 1990s.
Related: The State of Mac Security
The CDS Architecture is still believed to be one of the most secure platforms that possess a very powerful ability to operate in cross–platform environment. Open Group, the company that designed CDS Architecture as a fundamental replacement to OpenSSL, said, “It is a set of layered security services and cryptographic framework that provides an infrastructure for creating cross-platform, interoperable, security-enabled applications for client-server environments.”
If that doesn’t showcase the foresightedness of Apple, consider the fact that Apple had long ago began working on a new cryptography API. Truly designed for the future, the Application Programing Interfaces were smart enough to run on multiple processors (multi–core CPU) way back in 2006, with a lot less coding requirement. In simple terms, Apple already has a comprehensive and better alternative to OpenSSL and thus has successfully trumpeted the Heartbleed bug.
Interestingly, Apple is not immune to security vulnerabilities and one of the most critical one was named ‘GoToFail’ that was remarkably similar to the Heartbleed bug. But the company managed to patch the vulnerability within 3 days, as compared to Heartbleed, ramifications of which are still looming.