SSL-Bug-OSX

Update: Apple says an OS X fix is coming soon.

Yesterday Apple released iOS update 7.0.6 alongside new builds for iOS 6 and Apple TV  that it said provided “a fix for SSL connection verification.” While Apple didn’t provide much specific information on the bug, it wasn’t long before the answer was at the top of Hacker News. It turns out that minor security fix was actually a major flaw that could in theory allow attackers to intercept communications between affected browsers and just about any SSL-protected site. Not only that, but the bug is also present in current builds of OS X that Apple has yet to release a security patch for.

Researchers from CrowdStrike described the bug in a report:

“To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system),”

Adam Langley, a senior software engineer at Google, also wrote about the flaw on his blog ImperialViolet and created a test site to check if you have the bug (pictured above):

Since this is in SecureTransport, it affects iOS from some point prior to 7.0.6 (I confirmed on 7.0.4) and also OS X (confirmed on 10.9.1). It affects anything that uses SecureTransport, which is most software on those platforms although not Chrome and Firefox, which both use NSS for SSL/TLS. However, that doesn’t mean very much if, say, the software update systems on your machine might be using SecureTransport….

I coded up a very quick test site at https://www.imperialviolet.org:1266. Note the port number (which is the CVE number), the normal site is running on port 443 and that is expected to work. On port 1266 the server is sending the same certificates but signing with a completely different key. If you can load an HTTPS site on port 1266 then you have this bug.

The updates Apple released for iOS yesterday are expected to fix the issue and Langley confirmed as much, but OS X 10.9.1 remains at risk. A test site to check if you have the bug is here.

Some users also report that Apple’s latest developer build 10.9.2 is still vulnerable:

Apple is yet to comment directly on the situation or provide an ETA on an incoming fix for OS X users.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

16 Responses to “Apple patched a major SSL bug in iOS yesterday, but OS X is still at risk”

  1. pellegew says:

    Look, I can understand a compiler not catching the extra line of code which lead to this error (read the blog https://www.imperialviolet.org/2014/02/22/applebug.html). But what is inexcusable is that there is not a test of a compiled system which would have found this error, like IDK the kind of test done at http://www.imperialviolet.org.

    As a good friend of mine has said, Apple is no longer a tech company, they are a fashion company.

  2. dcj001 says:

    “It turns out that minor security fix was actually a major flaw”

    That minor security fix was actually a major flaw? Really?

    “A test site to check if you have the bug is here.”

    Does the test site really check to see if the bug is present, as you say, or does it tell if the browser is vulnerable? I went there in Safari for the Mac, and I saw this message:

    “YOUR BROWSER IS VULNERABLE, PATCH IMMEDIATELY!”

    It does not say that the bug is present.

    • Ezhik says:

      The browser is vulnerable if the bug is present?

    • It’s also irresponsible to say that “your browser is vulnerable,” when in fact many people are sitting on their home network where no “man in the middle” attack is even possible.

      It also shouldn’t say that you should “patch it immediately,” when no patch is actually available from Apple, and when a patch probably will be available in the normal course of events very shortly. This will just send nervous types onto the Internet where they could easily be preyed upon by fake “patches” when if they did nothing they would probably be safe.

      It should really say something like:

      You have the flaw, you should be careful with what you send when using a public network and make sure you keep software updated so you get the patch when Apple releases it.”

      • Ezhik says:

        I’m pretty sure that page is not meant for the everyday user.

      • standardpull says:

        Sorry, you are wrong: a man-in-the-middle attack is very possible. Your internet traffic travels from your cable modem through the public internet to your bank (or whatever). All along that path there is opportunity for a man-in-the-middle attack. Go into “terminal” and try a “traceroute” on your favorite bank hostname, and you’ll see a mere subset of the networks that your packets traverse. You trust all those providers? Maybe so, but is every one of their employees trustworthy? Are all their security procedures perfect? Absolutely not.

        Anyhow, this is EXACTLY why security experts suggest you change your passwords often. For now, maybe depend on Firefox and change your passwords. It can’t hurt.

  3. The level of urgency here is simply not supportable. Yes this is a bug and it’s good to be aware of it. Yes it should be patched.

    But the article (and especially the test site it links to) are being highly irresponsible as well by implying that it’s far more serious than it is. The odds of you getting hit by this if you aren’t actively working as a spy (or a resident of an Eastern European country) are practically nil.

    • standardpull says:

      The lack of secure browser-to-bank communications is very serious. The urgency is extremely high, as communication via Safari is, in essence, always in the clear while traversing the internet. There are likely 100 pieces of equipment in the path between you and your bank. If one of them is compromised, all the data you send over that link is vulnerable. That includes all session data, passwords, and anything else communicated over the link.

      Urgent? Absolutely. Hackers sucked up all the Target credit cards. I imagine that the same hackers would be very excited to capture all the account credentials sent to dozens of banks in one go.

      SSL is important. Without SSL, you need to trust much much more than just your local ISP.

      • I can’t reply more than one nested level so I will reply to both your retorts here … I still call BS.

        It says right in this article (and if it isn’t true that isn’t my fault) that the attacker has to be on the same wireless network as you. Thus my comment about being at home and being on your own network equalling being safe.

        I know about trace route (because I’m not an idiot), but my understanding from the article was that the attacker has to be on the same network so .. same explanation there.

        Overall, my point was that it would take an international spy or a criminal (i.e. – someone from eastern Europe) to initiate one of these attacks.

        For instance, according to what you have said, the most likely attack I can think of is that someone could conceivably break into my building, sit in the basement and intercept the router traffic from all the apartments in the building. They would then have to “pretend to be a bank or Facebook” or whatever and wait for someone in the building to initiate a call to whatever they were pretending to be and thus intercept it.

        How (the fuck) they would know that I was about to contact my bank or Facebook I don’t know, and why they would spend so much time and effort trying to hack a few bank numbers remains to be understood. In other words, its possible that someone could do something nefarious with this, but extremely, EXTREMELY unlikely. Packets don’t necessarily travel the same route each time either and all of these in-between nodes are supposed to be secured also.

        I mean we are literally talking about spy stuff. About some guy who has access to the telecommunications infrastructure in the area tapping into the hardware presumably with an “unmarked panel van.” Still sounds like BS to me.

        The only real-world likelihood here that would give the attacker enough of a reward for the time and effort required would be to snoop on public networks in coffee shops and the like as I said in my first post. And anyone who sits in a coffee shop using free wi-fi to manage their bank accounts kind of deserves whatever they get, don’t they?

      • standardpull says:

        You are correct that WIFI access point vulnerability is not a big deal. But sadly, the article is wrong. You only have to be somewhere in the network path. Yes, WIFI is often in the network path. But there are many more places that are in the network path (as shown by trace route, for example). You don’t see them, but I work in the business. I see them every day, as do thousands of y industry colleagues.

        One of the amazing beauties of SSL is that it does end-to-end encryption. No matter who gets your packets, only the endpoints can decode them. Normally those endpoints are your desktop (or handheld device) and your bank’s server (or other destination).

        However, due to the flaw, ANY device on the network route, including but by no means limited to a Wifi router, is a point of concern. So a decent hacker will target a major router, not your dinky access point.

        So all I have to do is be a renegade member of the cleaning crew at a place with Level3 colocation equipment in place. Level3 is a carrier for all sorts of network traffic with thousands of routers co-located all over the world. (Again, Traceroute will show you dozens of others as well).

        Being evil, I plug in my device into their equipment that’s just sitting there using a good old 10 Gbit ethernet cable. I have a program that takes any port 443 TCP traffic and routes it to all through a simple program.

        That program
        1. Looks for requests to interesting servers (let’s say a list of 20 popular banks)
        2. Looks for the Safari user agent
        3. If Safari, it intercepts the SSL cert and replaces with my bogus one
        4. Now since I am the endpoint, I grab any usernames, passwords, and mothersmaidennames
        5. I push the traffic onward to the bank(s).

        The user knows nothing, the bank knows nothing, and Level3 knows nothing. I am a man somewhere (anywhere) in the middle. Thousands of user packets traverse my program every minute. For each one, I record:

        Site URL, username, password, mothersmaidenname

        In the end, it takes very little smarts or horsepower to do this. I don’t even need to know the innards of the router I’m tapping into. I could just be a regular old CS student that knows a bit about TCP/IP, HTTP, and SSL. I could write the program at home in a few days.

        Could I do this, say, on a WIFI router? Yes, but that would be dumb – there are only a few users that traverse a WIFI router. But I’d get Thousands or Millions of user records if I did it on a gateway at Comcast, or Level3, or Sprint, or Telsis, or your University, or a large employer, or one of the other hundreds of providers that gateway traffic around the country.

        This is a big deal. It is awful. It can be fixed.

      • @mister_grey You do know that if you are on Cable internet, you share the same line with the subscribers around your neighbourhood? There are ways people can sniff the packets when you’re on Cable internet. If you use ADSL, you have your own connection to the ISP, and your traffic won’t be able to be sniffed that way.

    • You’re thinking way too small here. An attacker could drive a truck through this hole. Forget about online banking. SecureTransport on iOS/OS X is used for system updates. An attacker could compromise your entire system with a rogue update, permanently (at least until you reinstall). As pointed out elsewhere, it is not necessary to be on your wifi network. Any attacker with access to your network path can pull it off. Right now would be a great time to plant a malicious system update, since people are expecting an update. This kind of attack would be easy to launch on a large scale. No, they’re not going to bother targeting you. They’ll target everyone in a mass attack.

      Think like an attacker. This is very bad.

    • The level of urgency in regards to this flaw is actually far greater than you can possibly understand, given the response you shared. How in the world do you figure such odds? Have you ever noticed that crackers rarely go after really large targets? On the other hand, I’ve seens countless reports where an attacker has leaked someone’s personal info because they pissed them off.

      If an attacker knows you in person, or merely even knows where you spend time, say the Starbucks you frequent – that’s all they need to know to be in the same place at the same time and breach you.

      Saying the level of urgency in regards to this bug isn’t that bad is like saying “well, we found a new disease that’ll turn you into a zombie and terminate your life completely within 48 hours.…but only if you’re a high-profile person – the virus doesn’t care about you if you’re not a major player”. To spread such ignorant balderdash as that is what is highly irresponsible.

      I don’t care how “negligible” anyone seems to think a security flaw is. A security flaw is a SECURITY FLAW. If it’s something as simple as a java exploit (which I never even use, yet it still exists on my system) I will STILL go out and patch it. Why leave a door to your house unlocked when you can easily fix it? Who cares if you’re a spy or not? There are certainly folks out there who will take advantage of whatever they can do to anybody regardless.

  4. how do i apply the patch, thats been posted ?

  5. Brett Huhn says:

    I simply setup my Outlook in Office 2011 for Mac. Shouldn’t that cover security?