Apple’s “gotofail” SSL bug
Published February 24th, 2014 at 12:49 PM EDT , modified February 24th, 2014 at 12:49 PM EDT
On Friday, Apple released a security update for iOS 6 and 7 that has caused a quite a stir in the security community. The update fixes a vulnerability in SSL – the technology that is used to encrypt data over many secure network connections – that could allow an attacker to intercept and access that data. This is a very serious matter, and iOS should be updated immediately… but only while on a secured network! Do not update while on an open wifi network!
SSL is technology that allows data to be encrypted between a client and server. It is used by many things, such as secure web sites, connections between Mail and a secure mail server, etc. For devices that have not been patched to fix this vulnerability, it would be possible for a hacker on the same network to perform a “man-in-the-middle” attack and gain full access to any encrypted data. This could include login credentials, credit card numbers, banking information and anything else being transmitted.
The technical details are a bit embarrassing for Apple, I have to say. The bug can be seen clear as day in open-source code available on an Apple website, as shown at right. In a function that validates the credentials while establishing an SSL connection, a single line is duplicated. The code shown here is meant to do multiple checks, and if any of them fails, code execution is meant to jump (“goto”) to a specific point in the code (bearing the label “fail”, meaning that’s the code that should be executed should any part of the function fail). Unfortunately, because one of the “goto fail” lines was duplicated, that means the second one is executed every time, jumping over an important final check and going straight to the “fail” code. But since the error code has not been set, the fail code doesn’t really do anything much differently than if the function were to succeed… thus, invalid credentials would validate as easily as valid ones.
The Bad News
Unfortunately, Mac OS X 10.9 (aka Mavericks) is also affected. However, there’s no fix for that yet! This means that all users who have upgraded to Mavericks are vulnerable in many different apps – Safari, Mail, Calendar, etc. Even software updates use the same SSL system, and this could mean that an attacker could craft a malicious fake update and push it through a supposedly secure connection. There are no reports of this happening, and there would still be some technical hurdles to jump over even with the vulnerability, but this is still very serious.
Making matters worse, Apple has done something very, very bad. Because the same code is used by Mac OS X, by patching the vulnerability in iOS only, they created a 0-day vulnerability in Mac OS X! In other words, beginning on Friday, working backwards from the information made available about the iOS vulnerability, hackers had what they needed to figure out how to attack this vulnerability in Mac OS X. (In fact, many exploits would be able to affect either iOS or Mac OS interchangeably, since they target sessions with secure web sites and not the devices themselves.)
According to multiple sources, Mac OS X 10.9.2 is very close to being released. I’d be surprised if it’s not out by later on today sometime, given this issue. But even if that does happen, it’s really inexcusable that Apple patched one platform on Friday, then left hackers with free rein to attack their other platform all weekend. These patches should have been released concurrently, even if that meant holding off on patching iOS for a few days.
The Good News
Obviously, none of this is good. However, it’s fairly easy to avoid problems by simply following some of the same advice security experts have been giving for years… specifically, don’t do anything sensitive on an open wifi network, where anyone nearby could be intercepting your network transactions. Even though communications with SSL-protected sites shouldn’t be able to be decrypted, even on an insecure network, there has always been the possibility of a flaw with a specific site that would allow an attacker access to an online account despite SSL. Thus, experts have always warned against such things. This is simply an SSL vulnerability on a larger scale (the OS rather than a specific site). One thing that can keep you safer on insecure networks would be use of a secure VPN.
In addition, it’s been fixed for iOS. So if you have an iPad, iPhone or iPod touch, and you’re using iOS 6 or 7, just install the update appropriate for that system. Boom, done. You’re safe again.
With regard to Mac OS X, it’s important to understand that there has been a lot of speculation about malware being installed via the software update mechanism. Though this would technically be made a bit easier through this vulnerability, it still wouldn’t be easy, and there have been no verifiable reports of such a thing actually happening. It would be wise not to install any software updates while on an insecure network, but that has always been the case. Just be cautious on insecure wifi networks. Of course, since there are some services that may use SSL connections in the background (to sync your iCloud calendars, for example), it would be wise to stay off insecure wifi networks completely until this problem is cleared up, and to install Mac OS X 10.9.2 as soon as it’s available.