Apple Fixes SSL Flaw in OS/X That it Fixed in iOS Last Friday

Apple Fixes SSL Flaw in OS/X That it Fixed in iOS Last Friday
Apple Fixes SSL Flaw in OS/X That it Fixed in iOS Last Friday

"This is disappointing," wrote Brian Fagioli on Betanews, "as it likely delayed the bug-fix to accommodate Apple with an easier update schedule. Even if that isn't the case, like I said earlier, perception is everything; releasing the bug-fix separately could have sent a more reassuring and apologetic message."

The problem is that it was a major flaw with potentially serious consequences based on a very simple coding error; and one that is believed to have existed for several months. The effect has been that anyone using Safari on Apple devices has been misled by belief in the security of an SSL-secured (https) site.

SSL works by demanding a certificate from the destination site to prove it is the site expected. Once that certificate is received, the sender exchanges encryption keys with the receiver and sends the encrypted message to that site. Apple's flaw failed to check the certificate – which means that any false site could pretend to be the correct site and would receive the keys allowing it to decrypt the message.

This is a classic man-in-the-middle (MITM) attack. MITMs are not difficult to execute, but are supposedly defeated by SSL. This has not been happening with Safari (and a few other Apple applications, such as Mail, Pages, Preview and Calendar) on Apple equipment. Any attacker with sufficient resources to divert traffic to its own server could decrypt and steal the content (which could include banking details) before pretending a fault or sending the message on to the correct destination.

Just prior to the Apple fix, Paul Ducklin provided a detailed analysis on NakedSecurity. The problem has been caused by nothing more than the spurious inclusion of an additional 'goto fail' within the C code – "no conspiracy theories, please!" he writes.

"The second goto fail, which shouldn't be there, always happens if the first one doesn't," explains Ducklin. "The result is that the code leaps over the vital call to sslRawVerify(), and exits the function. This causes an immediate 'exit and report success', and the TLS connection succeeds, even though the verification process hasn't actually taken place." In other words, any received data, whether the correct certificate or garbage from a malicious site, would be accepted as a valid certificate.

The solution for OS/X users is now to upgrade to the latest version of Mavericks. Users of older versions of OS/X should note that Mavericks is a free download from the Mac App Store.

What’s Hot on Infosecurity Magazine?