No security.

Great work, Apple!

That's a bit harsh; the bug comes from one erroneous line and it's easy to see how it might be overlooked.

This kind of bug is typical of a merge error (i.e. when multiple people are editing a file and merging their changes in when finished).

I'm a little interested how they know that it's goto and not something else… does goto actually have a one-to-one mapping with something in x86? (I guess it would be jump? But there's plenty of other things that would use jump too, I would think? Function calls would have jump-and-link, while and for would have some kind of conditional jumps… is goto really the only thing that translates directly to jump? I'm surprised Apple doesn't have a static analyzer that automatically rejects code using a goto…)

They know it's a goto because the source code is available.

You're right that gotos are not a good idea in commercial software. I learned not to use them from coding standards in places I worked, and I also always curly-bracket my if/else blocks. This is exactly the reason why I now do both of those things.
 
Why do you think I'm claiming a fix should take minutes? It's been nearly three days since iOS was patched.
Does Microsoft usually release things on the weekends? Let's at least be somewhat based in reality when trying to make comparisons.

----------

Which itself is an excuse/reason frequently given for badly written code.

If your code is difficult to test, you've almost always overcomplicated it, which itself also often means you've introduced bugs somewhere.
That's an oversimplified way of looking at it. There will be cases that are very much edge cases and quite hard to test for, but that alone doesn't mean that the code is bad.
 
When you have a cryptology expert say that it's, "as bad as you could imagine, that's all I can say." Yes it's serious.


Sure. Ok. But guess what? There is an easy work around. Don't go on any unsecure public network for the time being.

In all things there is potential risk and then probable/likely risk.

Say there is a thunderstorm outside right now. There is potential that I could get struck by lightning. (Risk associated with current conditions). But the fact that I am indoors, not near any windows? I have taken precautions to minimize the probability/likelihood of the risk.

In other words, the risk has been identified. Until the risk is removed, we need to take accountability for ourselves and minimize our risk potential. And Apple should be held accountable. I believe they are acting responsibly. I think a fix will be out this week. I do not think they will wait until 10.9.2 is ready for release. If they don't meet these times? There should be an uproar.
 
We're talking about one broken library, literally - one line of code.

And sad to say but Microsoft actually releases critical updates out of schedule and ASAP.

In this case, I feel like they're waiting for 10.9.2 and it's not acceptable with the magnitude of this loophole.
Well feeling like and it only really being actually just 2 days that are the weekend kind of puts it in perspective. Out of schedule is one thing, over the weekend when the support levels are generally just not enough, and when perhaps not everything has been finished yet (and, yes, changing an OS-wide library is a big deal as far as potential implications and testing, despite the change being a small one) that's somewhat different. Seems like this whole part is just a bit too unnecessarily premature.
 
Well, since iMessage is affected and all what Apple said about iMessage security, then is all BS.

Apple lost almost all respect regarding security, where is the d patch for OSX?
 
Well, since iMessage is affected and all what Apple said about iMessage security, then is all BS.

Apple lost almost all respect regarding security, where is the d patch for OSX?

Yep! Apple sucks and it's time to go back to Windoof! And, I think Tim Cook should be publicly shot, all Apple stores force closed by the government, all remaining stock of Apple products burned and the whole computer science should be done away with. Just unacceptable that humans involved make errors.

What was wrong with drumming or pigeons anyway?
 
Sure. Ok. But guess what? There is an easy work around. Don't go on any unsecure public network for the time being.

In all things there is potential risk and then probable/likely risk.

Say there is a thunderstorm outside right now. There is potential that I could get struck by lightning. (Risk associated with current conditions). But the fact that I am indoors, not near any windows? I have taken precautions to minimize the probability/likelihood of the risk.

In other words, the risk has been identified. Until the risk is removed, we need to take accountability for ourselves and minimize our risk potential. And Apple should be held accountable. I believe they are acting responsibly. I think a fix will be out this week. I do not think they will wait until 10.9.2 is ready for release. If they don't meet these times? There should be an uproar.

The thunderstorm you cite has been going on since we loaded iOS 7 and osx 9 onto our devices.

Many of us thought buying apple devices was like sitting in a faraday cage security-wise.

Apple should have had a Doppler-radar like quality assurance process that highlighted such fat-thumbs mistakes long before even the beta s/w was released into the wild.

This is extremely disappointing and scary for those of us that put all our critical info into the apple ecosystem.

It is doubly disappointing that apple has not sent updates to its customers letting them know what to and what not to do...

As a sweetener, it seems there is also a problem with the apple routers over the last several months too that nobody is talking about..
 
What issue?

Connectivity drops, instability in bandwidth. Seems to be going on since last fall and getting worse. I have spoken with 3 other parties who have combo of time capsules and airports all, on different ISPs, all on latest sw and all have similar probs as me.

I was planning an update to 5gen time capsule, but it was so unusable I will take it back.

Presently I am off my tc4 and using an old net gear that I failed to sell 3 years ago, and no problems.

This is what brings me to my previous statements.
 
It's common for error handling in C when you need to clean up resources and return. You'll find it in many large projects, Linux kernel and the like.

Yeah, I can see how lacking some kind of try/throw/catch/finally would leave this as your best option for readability, since having a function would only temporarily redirect your flow - eventually it would return and still have the same problem. I had thought the only legitimate use of goto was for escaping nested loops.
 
Most people don’t seem to have picked up on this, but: since Software Update is affected, it’s entirely possible that you might download a MITMed patch that perpetuates rather than resolves the flaw. This has totally subverted the platform. To those who counter that one might simply run a test against a website after installing the purported patch, I respond that a sophisticated attacker (such as the NSA has revealed itself to be) could trivially encode certain exceptions into the malicious pseudopatch they provide.

If people were rational this would be recognised as basically the end of every installed system’s useful life.
 
I totally agree they knew and no it would not have stopped 911. I hate politics so I'm not even gonna argue about it, my point was spying is gonna happen across all governments it's reality. I don't do anything out of the ordinary so I don't care go ahead spy on me.

I'm not doing anything wrong when I'm taking a crap, but I prefer to do it with the door closed.

----------

Sure. Ok. But guess what? There is an easy work around. Don't go on any unsecure public network for the time being.

In all things there is potential risk and then probable/likely risk.

Say there is a thunderstorm outside right now. There is potential that I could get struck by lightning. (Risk associated with current conditions). But the fact that I am indoors, not near any windows? I have taken precautions to minimize the probability/likelihood of the risk.

In other words, the risk has been identified. Until the risk is removed, we need to take accountability for ourselves and minimize our risk potential. And Apple should be held accountable. I believe they are acting responsibly. I think a fix will be out this week. I do not think they will wait until 10.9.2 is ready for release. If they don't meet these times? There should be an uproar.

The amount of you that go out of your way to defend this simply due to your love for Apple is hilarious. Yeah, let me change my life completely because they screwed up.
 
Sure. Ok. But guess what? There is an easy work around. Don't go on any unsecure public network for the time being.
That is totally ridiculous and false. Anybody at any point on the path between you and the server you are connected to can inject packets to fool you - that is what SSL is designed to prevent and this is what the flaw is allowing. Every single hop between you and the server is a potential eavesdropper and interloper, and this allows them to just waltz in.
 
Most people don’t seem to have picked up on this, but: since Software Update is affected, it’s entirely possible that you might download a MITMed patch that perpetuates rather than resolves the flaw. This has totally subverted the platform.
Software Update does not install any updates that are not digitally signed by Apple. The SSL bug does not affect this.
 
Most people don’t seem to have picked up on this, but: since Software Update is affected, it’s entirely possible that you might download a MITMed patch that perpetuates rather than resolves the flaw. This has totally subverted the platform. To those who counter that one might simply run a test against a website after installing the purported patch, I respond that a sophisticated attacker (such as the NSA has revealed itself to be) could trivially encode certain exceptions into the malicious pseudopatch they provide.

If people were rational this would be recognised as basically the end of every installed system’s useful life.

You could also download the patch on an unaffected machine and transfer it.
 
goto has valid uses

I'm surprised Apple doesn't have a static analyzer that automatically rejects code using a goto

It's possible to write code without goto but very often that code is harder to understand and maintain than code with goto. And for "harder to understand and maintain" you can read "more prone to error".

The style of if statement used in the buggy code in question has long been recognized as problematic. Including curly braces would have solved it but that can also have its problems. My personal style for these one-statement ifs is to keep them all on one line. So instead of

if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
    goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
    goto fail;

you would have

if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail;
goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail;

This makes the bug a lot easier to find.
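
The control flow discussed in this post, as an added example that is not part of the original post or Apple's code: a toy model showing why the stray `goto fail;` returns success for a forged signature, next to a braced version without the duplicate. `hash_update`, `hash_final`, `sig_verify` and `toy_sign` are hypothetical stand-ins for the real hash and signature calls, and all values are constructed.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the SSLHashSHA1 calls in the post; 0 means success. */
static int hash_update(unsigned *ctx, unsigned data) { *ctx = *ctx * 31u + data; return 0; }
static int hash_final(const unsigned *ctx, unsigned *out) { *out = *ctx; return 0; }
/* Toy signature check (an assumption): valid only if the signature equals the digest. */
static int sig_verify(unsigned digest, unsigned sig) { return digest == sig ? 0 : -1; }

/* Constructed helper: the value a legitimate signer would produce in this toy model. */
unsigned toy_sign(unsigned server_random, unsigned signed_params)
{
    return (7u * 31u + server_random) * 31u + signed_params;
}

/* Same shape as the quoted snippet, written in the poster's one-line style. */
int verify_buggy(unsigned server_random, unsigned signed_params, unsigned sig)
{
    unsigned ctx = 7u, digest = 0; int err;
    if ((err = hash_update(&ctx, server_random)) != 0) goto fail;
    if ((err = hash_update(&ctx, signed_params)) != 0) goto fail;
    goto fail;                          /* unconditional: taken with err == 0 */
    if ((err = hash_final(&ctx, &digest)) != 0) goto fail;
    err = sig_verify(digest, sig);      /* never reached */
fail:
    return err;                         /* 0 = server parameters accepted */
}

/* Braced version without the duplicate line: the signature check always runs. */
int verify_fixed(unsigned server_random, unsigned signed_params, unsigned sig)
{
    unsigned ctx = 7u, digest = 0; int err;
    if ((err = hash_update(&ctx, server_random)) != 0) { goto fail; }
    if ((err = hash_update(&ctx, signed_params)) != 0) { goto fail; }
    if ((err = hash_final(&ctx, &digest)) != 0) { goto fail; }
    err = sig_verify(digest, sig);
fail:
    return err;
}

int main(void)
{
    unsigned forged = 0xBADu;           /* constructed, not a valid signature */
    printf("buggy, forged sig: %d\n", verify_buggy(11u, 22u, forged));
    printf("fixed, forged sig: %d\n", verify_fixed(11u, 22u, forged));
    printf("fixed, valid sig:  %d\n", verify_fixed(11u, 22u, toy_sign(11u, 22u)));
    return 0;
}
```

The buggy function fails open because `err` still holds the 0 from the last successful `hash_update` when the unconditional jump lands on `fail:`.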
 
overtired and emotional

That is totally ridiculous and false. Anybody at any point on the path between you and the server you are connected to can inject packets to fool you - that is what SSL is designed to prevent and this is what the flaw is allowing. Every single hop between you and the server is a potential eavesdropper and interloper, and this allows them to just waltz in.

True - anyone can. But in most cases all those hops are controlled by companies with no interest in attacking you. No motivation at all. The only likely attack point is an unsecured WiFi access point.

Of course, if National Agencies have an interest in you then they will get you. But that's not a scenario that applies to many of us, however distasteful it may be.
 
That is totally ridiculous and false. Anybody at any point on the path between you and the server you are connected to can inject packets to fool you - that is what SSL is designed to prevent and this is what the flaw is allowing. Every single hop between you and the server is a potential eavesdropper and interloper, and this allows them to just waltz in.
While that is true in general, as far as this particular issue in iOS and OS X, wouldn't it mainly (if not really only) apply to the local network where the client (running iOS or OS X) interfacing with that network would be doing something? Given that any spoofing down the road would essentially be unrelated to the security hole on the client itself?

----------

True - anyone can. But in most cases all those hops are controlled by companies with no interest in attacking you. No motivation at all. The only likely attack point is an unsecured WiFi access point.

Of course, if National Agencies have an interest in you then they will get you. But that's not a scenario that applies to many of us, however distasteful it may be.
And there's that too.
 
While that is true in general, as far as this particular issue in iOS and OS X, wouldn't it mainly (if not really only) apply to the local network where the client (running iOS or OS X) interfacing with that network would be doing something? Given that any spoofing down the road would essentially be unrelated to the security hole on the client itself?

Walt Disney World allows guests resort wide to connect and use their wireless connection free of charge. So, with an average attendance of roughly 150k people a day, and let's say that 10% of them use an iPhone, 15,000 people (at least) are at risk of some jackass hacker posting up on a bench stealing any information they thought was "secure".
 
Walt Disney World allows guests resort wide to connect and use their wireless connection free of charge. So, with an average attendance of roughly 150k people a day, and let's say that 10% of them use an iPhone, 15,000 people (at least) are at risk of some jackass hacker posting up on a bench stealing any information they thought was "secure".
Sure, that would be an applicable scenario. It's somewhat different than the one I was replying to and asking about, which was actually itself in reply to a relevant scenario that mentioned "Don't go on any unsecure public network for the time being."
 
So, this is anything that uses SSL to communicate?

That would mean IMAP with Mail, online banking, paypal, or any SSL site...
 
Walt Disney World allows guests resort wide to connect and use their wireless connection free of charge. So, with an average attendance of roughly 150k people a day, and let's say that 10% of them use an iPhone, 15,000 people (at least) are at risk of some jackass hacker posting up on a bench stealing any information they thought was "secure".

Assuming they don't have client isolation..
 
It's possible to write code without goto but very often that code is harder to understand and maintain than code with goto. And for "harder to understand and maintain" you can read "more prone to error".

The style of if statement used in the buggy code in question has long been recognized as problematic. Including curly braces would have solved it but that can also have its problems. My personal style for these one-statement ifs is to keep them all on one line. So instead of

if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
    goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
    goto fail;

you would have

if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail;
goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail;

This makes the bug a lot easier to find.

That does look a lot better.
 