New Workaround Released For iOS SSL Flaw
A security researcher has released a new workaround for the critical vulnerability in the Apple iOS operating system related to the way that the OS handles SSL certificate validation. The workaround makes some key checks in the certificate chain that the vulnerable versions of iOS and a previous workaround fail to execute.
The iPhone SSL bug came to light in July. It involves the failure of the operating system to validate the certificate chain, and specifically could allow an attacker to get a legitimate certificate for a valid domain. With that, he could then execute a man-in-the-middle attack against iPhone users who visit the site and capture their traffic.
Apple patched the iOS vulnerability on Aug. 1 with the release of iOS 4.3.5 and experts have been encouraging users to update as soon as possible because of the seriousness of the vulnerability. Trustwave's SpiderLabs, which discovered the flaw, released a workaround for the problem as well, but researchers at Duo Security found that it didn't entirely address the issue. So the Duo researchers developed their own workaround.
"At a high level, our workaround functions by first using iOS’s built-in frameworks to validate a certificate chain for an SSL connection, and then – if iOS determines that the chain is valid – double-checking its result using OpenSSL. In this case, both implementations are slightly incomplete: iOS, as we now know, fails to check basicConstraints; meanwhile, our relatively simplistic OpenSSL verification routine does not bother to – for example – check that the leaf certificate’s hostname matches the URL request. Running these two checks in sequence, though, we should have everything covered," Duo's Adam Goodman wrote.
Duo also released a test app for the iPhone that enables users to enter a URL and send a request to the site to connect. If the site does not have a valid certificate chain, then the request will fail and the app will return an error message. The app uses OpenSSL to validate the results of the workaround's checks.
The workaround is available at GitHub.
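The two-stage validation Goodman describes can be modelled as follows. This is an added example, not Duo's code and not part of the original article. The `Cert` type, the trust store and the sample chains are constructed for illustration, and signature verification is reduced to issuer/subject name matching.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str  # subject name; for a leaf, the hostname it covers
    issuer: str   # subject name of the certificate that signed this one
    is_ca: bool   # basicConstraints CA flag

TRUSTED_ROOTS = {"Example Root CA"}  # constructed trust store

def links_to_trusted_root(chain):
    """chain[0] is the leaf; each cert must be issued by the next one,
    and the last cert must be a trusted root."""
    linked = all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))
    return bool(chain) and linked and chain[-1].subject in TRUSTED_ROOTS

def platform_check(chain, hostname):
    """First stage as the quote describes it: chain linkage and hostname
    are checked, basicConstraints is not."""
    return links_to_trusted_root(chain) and chain[0].subject == hostname

def constraints_check(chain):
    """Second stage: every certificate in an issuing position must carry
    CA:TRUE. The hostname is not examined here."""
    return links_to_trusted_root(chain) and all(c.is_ca for c in chain[1:])

def validate(chain, hostname):
    """Accept only when both stages accept, so each covers the other's gap."""
    return platform_check(chain, hostname) and constraints_check(chain)

# Constructed sample chains.
ROOT = Cert("Example Root CA", "Example Root CA", True)
ISSUING = Cert("Example Issuing CA", "Example Root CA", True)
GOOD = [Cert("shop.example", "Example Issuing CA", False), ISSUING, ROOT]
# Must be rejected: a CA:FALSE certificate sits in an issuing position.
BAD = [Cert("shop.example", "other.example", False),
       Cert("other.example", "Example Issuing CA", False), ISSUING, ROOT]

if __name__ == "__main__":
    print("good chain accepted:", validate(GOOD, "shop.example"))
    print("bad chain, first stage only:", platform_check(BAD, "shop.example"))
    print("bad chain, both stages:", validate(BAD, "shop.example"))
```
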