Apple has fixed a serious security flaw that’s present in many versions of both iOS and OSX and could allow an attacker to intercept data on SSL connections. The bug is one of many that the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have serious consequences as well, including the ability to bypass memory protections and run arbitrary code.

The most severe of the vulnerabilities patched in iOS 7.1.1 and OSX Mountain Lion and Mavericks is an issue with the secure transport component of the operating systems. If an attacker was in a man-in-the-middle position on a user’s network, he might be able to intercept supposedly secure traffic or change the connection’s properties.

In a ‘triple handshake’ attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker’s data in one connection, and renegotiate so that the connections may be forwarded to each other,” the Apple advisory says.

The vulnerability affects OS X Mountain Lion 10.8.5, OS X Mavericks 10.9.2, as well as iOS 7.1 and earlier. The bug joins a list of serious problems that have affected SSL in recent months, most notably the OpenSSL heartbleed vulnerability disclosed earlier this month.

Among the other flaws Apple patched in its new releases are a number other severe vulnerabilities. For OSX Mavericks users, the two most concerning issues are a pair of buffer overflows that could lead to remote code execution. One of the bugs is in the font parser and the second is in the imageIO component. The upshot of the vulnerabilities is that opening a malicious PDF or JPEG could lead to arbitrary code execution.

There also is a serious vulnerability in the way that Safari handles some HTTP headers on both OSX and iOS.

“Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie,” Apple said in its advisory.

OSX also contains two separate vulnerabilities that could enable an attacker to bypass ASLR, one of the key exploit mitigations built into the operating system. One of the flaws is in the IOKit kernel while the other is in the OSX kernel. The IOKit kernel ASLR bypass also affects iOS 7.1 users.

Categories: Apple, Mobile Security, Vulnerabilities

Comments (3)

  1. Seattle coder
    1

    Welcome to Apple’s new reality (and “free” software’s – see openssl bug). Funny thing is Microsoft has a ten year head start securing their code.

  2. CupertinoFishHeads
    2

    Problem with Apple is multifold.

    They hire kids out of the local college because they don’t want to pay squat. Then they abuse them, keep them in the dark and feed them lots of sh*t.

    They change OS X every year so they don’t even have time go over the code well before publishing.

    The marketing department runs Apple followed next by the NSA guy in charge of product security.

  3. David McPhail
    3

    I wish SOMEONE/ANYONE could tell me where to download an update to fix the Apple OS X Maverick bug with saving files. The bug is when you go down a root (like from a server) to a folder with with a file (say Illustrator), change it, do “save as” – instead of the save window coming up at the point/folder where the file is – IT GOES TO THE BEGING OF THE ROOT AT THE MAIN FOLDER OF THE SERVER!!! This is actually costing me $$$.. It’s taking an extra 20 to 30 minutes to save all the files I work with each day. That’s about 87 hours a year! Yikes!!!
    Can someone please tell me where an update is that will fix this.
    I’ve already installed all the updates I can find – no use.

Comments are closed.