With all the press going around lately about the OpenSSL Heartbleed bug, I just want everyone to know that this vulnerability doesn’t exist on OS X Servers, unless the Mac server has been heavily modified. The same is true for OS X workstations and all iOS devices.
The latest version of OpenSSL that Apple included with OS X Server was 0.9.87, which is a branch not affected by this bug. The only way an OS X Server could have a version of OpenSSL installed that is vulnerable to Heartbleed would be if a server administrator manually compiled it or installed it via MacPorts.
Apple actually announced in 2011 at its WWDC event that “OpenSSL does not provide a stable API from version to version. For this reason, although OS X provides OpenSSL libraries, the OpenSSL libraries in OS X are deprecated, and OpenSSL has never been provided as part of iOS. Use of the OS X OpenSSL libraries by apps is strongly discouraged.” It is because of this deprecation that the newer susceptible OpenSSL branch never reached OS X.
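
To confirm that nobody has added a manually compiled or MacPorts build to a server, the check below (an added example, not part of the original post) reads the version banner of each OpenSSL binary it finds and classifies it against the releases affected by Heartbleed: 1.0.1 through 1.0.1f and 1.0.2-beta1. The paths searched are assumptions: `/opt/local` is the default MacPorts prefix, and `/usr/local` and `/usr/local/ssl` are common prefixes for a manual build.

```shell
#!/bin/sh
# Added example: flag OpenSSL builds in the Heartbleed-affected range.
# Affected releases: 1.0.1 through 1.0.1f, and 1.0.2-beta1. Fixed in 1.0.1g.
# The 0.9.8 and 1.0.0 branches never contained the heartbeat code.

# Classify a bare version string such as "0.9.8y" or "1.0.1e".
heartbleed_status() {
    ver=${1%-fips}              # some builds append "-fips" to the version
    case "$ver" in
        1.0.1|1.0.1[abcdef]) echo vulnerable ;;
        1.0.2-beta1)         echo vulnerable ;;
        *)                   echo not-affected ;;
    esac
}

# Pull the version out of an "openssl version" banner,
# e.g. "OpenSSL 1.0.1e 11 Feb 2013" -> "1.0.1e".
banner_version() {
    echo "$1" | awk '{print $2}'
}

# Report path, version and status for every candidate binary that exists.
scan_openssl() {
    for bin in "$@"; do
        [ -x "$bin" ] || continue
        banner=$("$bin" version 2>/dev/null) || continue
        ver=$(banner_version "$banner")
        printf '%s\t%s\t%s\n' "$bin" "$ver" "$(heartbleed_status "$ver")"
    done
}

# Assumed locations: system copy, MacPorts prefix, manual-build prefixes.
scan_openssl /usr/bin/openssl \
             /opt/local/bin/openssl \
             /usr/local/bin/openssl \
             /usr/local/ssl/bin/openssl
```

A `vulnerable` result means the matching `libssl` under the same prefix needs upgrading to 1.0.1g or later, and any service linked against it needs a restart. A build compiled with `-DOPENSSL_NO_HEARTBEATS` reports an affected version number but does not contain the flawed code.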