Apple has been working hard to get its products into the enterprise but a new security vulnerability is about to put a black eye on their reputation. Sure, we know that many companies have security related issues but it’s the fact of the obvious oversight of this issue that will raise alarm bells.
On Friday, Apple revealed a significant bug in their SSL/TLS implementation:
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
Based on the report, it seems that Apple didn't include (proper) hostname verification for any iOS <7.0.6. See below for updated details.
Matthew D. Green, Assistant Research Professor at the Johns Hopkins Information Security Institute, notes that this is "seriously exploitable."
I'm not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control.— Matthew Green (@matthew_d_green) February 21, 2014
Aside from iOS, we noted that this also seems to be present in OS X Mavericks, however it seems to be only affecting SSL connections over IP addresses rather than domains. While this does lessen the extent of the vulnerability, it's still a glaring issue into the security of the platform, and there may be a way to bypass this restriction.
An example of the issue can be demonstrated with the following commands in terminal:
curl https://neowin.net/ would fail, however curl https://22.214.171.124/ would be successful.
OSX Mavericks: SSL directly over IP is not being validated
If this is in fact the case, then this is a fairly significant security issue for all machines running OSX Mavericks, even if it is only affecting IP addresses and not domains. Many apps reference IP addresses directly, so this is a fairly problematic issue, and there is more than likely a method to get around the limitation.
Adam Langely, security researcher and part of Google's security team, notes that this is affects Safari on both iOS and OSX, and that it breaks SSL completely.
We expect that Apple will address this issue in short order but the fact that they occurred in the first place, is more alarming. With enterprise security (and consumer security) always a highly sensitive subject, such a simple oversight here could lead to profound implications if properly exploited.
UPDATE: Upon review of the SSL implementation, it seems that the function SSLVerifySignedServerKeyExchange was declaring that there was no error before the verification even took place.
As Adam Langely explains:
Note the two goto fail lines in a row. The first one is correctly bound to the if statement but the second, despite the indentation, isn't conditional at all. The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail.