Apple and the SSL/TLS bug: Open questions

Apple and the SSL/TLS bug: Open questions

Summary: [UPDATE] It says something about Apple's priorities that they fixed the iOS version of a very serious bug but left Mac users conspicuously vulnerable.

SHARE:
TOPICS: Apple, Security
54

The SSL bug Apple patched on iOS on Friday is a shocking and embarrassing one. That it appears to have been in both iOS and OS X for some time and the way Apple is addressing it show both that Apple knows how serious it is and that Mac users play second fiddle in Apple's orchestra. Apple has only released a patch for iOS, not OS X.

Make no mistake about it, this is a very serious bug. The bug makes it fairly straightforward to intercept and decrypt SSL/TLS communications, probably the most important security protocol there is today. Any time you see Apple (or really any major vendor) release an update that fixes a single bug, you can be sure it's a high-priority bug. And there's no reason to believe that it's higher-priority for iOS users than for Mac users. So why did they not fix OS X at the same time? Because OS X isn't top priority anymore.

[UPDATE: Reuters is reporting that Apple tells them a fix for OS X is being tested and will be released "very soon".]

[UPDATE 2: Exactly why Apple waited to release the OS X patch became clear four days later when they released that patch as part of a much larger set of updates.]

The analysis of the bug by Google's Adam Langley on his personal blog shows clearly what happened. He was able to find it rather easily using the scant information provided by Apple because the code in question has been open-sourced by Apple. Contrary to some claims, Apple did not just use OpenSSL, at least not for this code. There is only one copyright statement and it is Apple's.

The error is a simple one that's easy to see when you look right at it, but perhaps hard to see when you're looking at the whole 1,970 line file. The error is on line 632. It's an extra "goto fail;" statement that causes SSL signature verification to succeed always (in certain very common configurations). For more detail on all this, read Langley's post. It has the look of a thoughtless editing bug — a slip of the fingers — rather than an error in logic. The fix is simply to remove line 632 and recompile.

Note that Stefan Esser has released an unofficial patch for the bug on OS X 10.9 (Mavericks). He warns that the patch is not for novices.

Incidentally, lest anyone think Langley views Apple as a competitor in this regard, think different. Langley is well-known for working to improve the strength of Internet security generally. He makes clear that he feels bad for the Apple developers who made the mistake, that it could happen to anyone, and that in any software project so large and complex, mistakes are inevitable. Even so, such errors should be found in code review.

We don't know how the bug was found. They don't credit anyone in the security bulletin. It's possible that they found it in an internal code review. It's possible a third party found it and brought it to Apple's attention (although normally you would expect that party to be credited). It's possible they became aware of exploits of the bug and haven't disclosed the fact. This last possibility might also explain why only iOS was patched so far, if perhaps the exploits are somehow only targeting iOS. But I'm speculating, which is all I can do when Apple leaves an information vacuum.

Another sign that Apple views this as an über-high priority bug: They also issued a patch for iOS 6. Apple doesn't want any users on iOS 6 and likes to brag about how quickly iOS users migrate to the next major version. Over two months ago Apple claimed that 74 percent of iOS devices were running iOS 7There hasn't been a security update for iOS 6 in almost a year. I'm sure Apple doesn't want to do anything to make it easier for iOS users to stay on iOS 6, but they patched it anyhow. That's how serious it is.

[UPDATE: The update for iOS 6 is available only for the iPhone 3GS and 4th generation iPods. The iPhone 4 and 4S, which are capable of running iOS 7, are only offered iOS 7.0.6 to address the SSL/TLS bug, even if they are running iOS 6.]

We don't know how old the bug is. At first I was inclined to believe that it had been around a while, but that's not clear anymore. Fortunately for Mac users who have not upgraded to OS X 10.9 (Mavericks), it appears from the early tests that OS X has only had the bug since version 10.9. It was in both iOS 6 and 7.

This episode says something interesting about open souce as well. This code was published for all to see and appears to have been there for a year at bare minimum, and yet it's clear that nobody, inside or outside Apple so much as ran it through a serious static source code analyzer.

Should it have been found at compile time? Langley notes that if he compiles the code using Apple's Clang 3.3 from Xcode with the -Wall option to enable all warnings, he gets no warning about the problem. Peter Nelson points out on Twitter that there is a separate -Wunreachable-code option which does find it, but which is not included as part of -Wall. Mark Janssen says that -Weverything does include it and finds the bug. (Therefore, "everything>all == 1" to Xcode.) So it could have been found, but it also seems like the tools are confusing even to experts.

Speaking of compilers and warnings, Stefan Esser tells me that even though the compiler doesn't warn of the unreachable code, it is smart enough to optimize it away. His unofficial patch has to recreate the missing code rather than just NOP over an extraneous goto.

The whole episode, which is still not over, makes me wonder about code review at Apple. Bugs like this are bound to happen in any organization, but it's shocking that they could sit undetected for so long.

Topics: Apple, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

54 comments
Log in or register to join the discussion
  • Major screw up

    And yeah we Mac users have a right to be peeved. We pay a lot more than their iPad customers.... Why isn't this being fixed? Will be switching to Chrome....
    Mac_PC_FenceSitter
    • Not Denying Rights

      There are more iOS users than Mac users. We all would love it if we could do all things at once, but sometimes one has to prioritize engineers.

      Now, I find it pointless to get peeved over something like this. I'm not going to sell off my Macs and buy new computers and replace applications to get on a different platform. This will get fixed. In the meantime, why go around angry? It isn't healthy and it doesn't solve any thing.

      Now you may be pulling our legs. If so, you got me, and well played, sir. If not, I wouldn't be so sure that Chrome doesn't rely on the system for SSL support. Though, by Chrome, maybe you are talking about replacing your Mac with a Chromebook. Google and Chrome. Microsoft and Windows. Apple and i. Ye cats.
      DannyO_0x98
      • Chrome implements its own

        Of course that won't help with what the computer itself does, but will at least keep the browser free from middle man attacks.
        Mac_PC_FenceSitter
      • OMG

        Hope you were never one of the guys who used to say MS should do everything at once when it came to serious security errors.
        Cayble
      • Serious

        I consider this very serious and they should release a fix at the same time as iOS. Especially as it is now common knowledge and it can and will be used against OSX users. Fortunately I'm not bit by it as I'm still on 10.8.5 so I'm not hit.
        danixdefcon5
    • Re: we Mac users....

      Are there really any major implications. Well no not really. The SSL/TLS issue although not exclusively affected iOS. Having said that at no time has it been suggested across the media that it poses an immediate threat to OS X. No doubt Apple would have taken this in to consideration when rushing out the iOS 7.6 update.
      As much as we appreciate the OS X platform there is no denying many more iOS devices are out there and although it would seem tough on those working with OS X like ourselves it is only correct that in this instance iOS should take priority.
      It is quite likely an update will be released for OS X Mavericks but the more burning question is will the same update be released for OS X Mountain Lion. This will answer the question as to whether Apple is still supporting OS X Mountain Lion and if applicable OS X Snow Leopard which still has a considerable user base.
      There are many that have chosen to remain using iOS6 on their devices and that is where the major concern lies.
      5735guy
      • Re: iOS6....

        Refer to the post relating to fix for iOS6
        http://support.apple.com/kb/DL1722
        5735guy
        • I wanna keep IOS 6

          I wanna keep IOS 6..... Or rather I should say I don't want IOS 7. I am not against change and progress... But not in favor of change and regress......

          I have an iPhone 5..... So they won't let me have patch and stay with 6. I use the ClaendR like my external brain... Have icons..... Deep notes and other identifiers for critical information and the ios7 makes the calendar clunky and hard to read..... HELP.... What can I do? Just stop banking on iPhone? And don't buy Amazon on the fly anymore .
          Pammorris
          • Keeping iOS6, and fixing the ssl issue

            I had the same issue as you. I didn't want iOS 7, and I wanted to be secure. I found this.

            Jailbreak it. But... It was extremely easy, it took about 10 minutes, and I was able to then use a patch to update the SSL vulnerability. I should've jailbroken a long time ago! Here's what I did:

            1. Test your iPhone (or any Apple OS device) on https://gotofail.com/
            2. Jailbreak with P0sixspwn. It's for Windows or Mac, and couldn't be easier. Instructions and downloads here: http://www.iphonehacks.com/download-p0sixspwn
            3. Get the patch. Instructions here: http://www.idownloadblog.com/2014/02/23/sslpatch-ios-7-0-6/
            Note, you do not need to "add a repository", per the instructions. Just load Cydia app and search for "SSLPatch". Install it and you're set.
            4. Finally, retest your iPhone on https://gotofail.com

            Hope that helps!
            BeavisDaMeavis
      • Yes there are major implications

        On any public WiFi, someone can pretend to be facebook.com and collect every single authentication request that is sent, be it passwords, or saved session state cookies.

        Most people use the same password everywhere. This opens the door to some serious identity theft exploits at any airport (look around an airport some time, count the Macs in a lounge, it is not just a theoretical opportunity. )
        Mac_PC_FenceSitter
      • mountain lion is not affected

        This is a Mavericks-only bug on OS X.
        And I'd be surprised if there are any problems from the update. It's a very simple change in one program.
        larry@...
  • Are you aware of any successful Black Hat exploits via this attack vector?

    I'm far from an Apple apologist (like everyone else I don't wish my systems compromised), but if the expects at Black Hat didn't find this coding flaw (and I'm assuming they didn't), doesn't that mean this attack vector was less than obvious?

    BTW, I've read several online suggestions that offer suggestions to minimize possible security breaches until Apple releases a patch for OS X systems. As you might guess, some of those suggestions are avoiding any unencrypted WiFi sources and to only access trusted and secure web sites.
    kenosha77a
    • Do you read C?

      Take a look at the error. Pretty sure someone would have noticed that. One of the biggest code fails I have ever seen.... No memory randomization, buffer overrun there.... It's basically a return that fires no matter what, outside an if block. The kind of mistake that costs you marks in first year Computer science.
      Mac_PC_FenceSitter
      • Actually, and surprisingly, I never really learned to program in "C"

        My programming days involved "Basic", "Fortran", "Cobol", "Pascal", "Lisp", "Prolog" (I really was into AI back in the day.), "PL/I" (My University days - I hated it (too many punchcards) and some knowledge of Ada. (The military was thinking about switching over from Cobol to Ada and I thought it might become important for my career.)

        But then I found my day job as an automotive manufacturing engineer and left my "hobbies" behind - for the most part.

        And, like I stated, I never really bothered to get into any of the "C" variants (C++, ex cetera).

        But knowledge of this exploit wasn't really my question, FenceSitter. I was just curious if those security experts over at Black Hat had discovered it and/or had made that exploit known to Apple.
        kenosha77a
        • no info yet

          We don't know whether it is/was being exploited. If it was, then we should start to hear of users who apply the patch getting errors. Maybe. It might be very targeted. Or maybe it's not being exploited.
          larry@...
      • Ugly Code

        It's sweet that everyone is pointing out that this is probably a typo and wringing their hands about gcc -Wall not catching dead code, but gcc -Wall isn't your Mom and while it is almost certainly a typo, it's exactly this sort of ugly, goto infested code where such typos can cause so much grief. This isn't some "deeply nested within the subroutine" situation, it's just bad, rookie code. And it's not just this file, other files in the same directory have the same stink. Doesn't anyone have coding standards anymore? Code review? QA? This isn't "make the window chrome pretty" code, this is security code. People get paid to write code like this? Heads should roll, and not just the author of this little turd. He or she has a boss. They should have known the state of their codebase.
        lillibolero
    • The thing about that advice...

      "As you might guess, some of those suggestions are avoiding any unencrypted WiFi sources and to only access trusted and secure web sites."

      The first suggestion is valid. The second one, though, is useless given the flaw. www.mysecurebank.com (fictional bank I'm putting up as an example) is a "trusted and secure web site" … but given the SSL bug, I can't know if I'm actually going straight to that site instead of a middleman posing as that site.

      Yes, I'm guessing that any Blackhatter has already stumbled into this one.
      danixdefcon5
  • Simple solution for Apple's legacy MacOS problem

    Ditch MacOS altogether, its time is past. Continue to sell Mac hardware with Windows instead. Everyone would be happy. Except, of course, the Linux crowd, and nothing would make them happy.
    Sir Name
    • Dumb

      One double slash in a code file would fix the bug. No one will switch OS over that.
      Mac_PC_FenceSitter
    • Dumber than Dumb

      Like switching to an OS that has a track record showing far more security problems is a solution. I wouldn't even consider it.
      pnosko