You do not have to worry about the scary Heartbleed security flaw when using Apple's cloud, iCloud.
Apple has confirmed that all of its devices and web services are safe from the bug and that its devices never used the problematic software at all, a spokesperson told Re/Code's Mike Isaac:
“Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key Web-based services were not affected."
It was unlikely that Apple's devices, iOS and Mac, would be affected by the bug in the first place. The problem mostly affects security software used by many websites, known as OpenSSL, as opposed to the operating system software used by a Mac or iOS.
UPDATED: However, Google has admitted that one popular version of Android is affected. Android 4.1.1, known as Jelly Bean. It says it is working with phone makers now to patch devices using Jelly Bean.
The safely of iCloud.com has also been verified by others. This page on Github is the best public list of sites that have been tested and iCloud.com was found to be ok.
The Github page also lists dozens of other websites that were impacted. If you use any of them, you should ...
1. Check and see if the site has been fixed either by installing the Chromebleed add-on for the Chrome browser, or by visiting the Heartbleed test website and typing in the URL.
2. If the site is fixed, change your password.
3. If the site isn't fixed yet, avoid making any financial transactions with it, like sending your credit card number.