Apple today shipped a security update resolving a critical certificate-validation vulnerability in its OS X Mavericks operating system.
Details of the bug, which exists in OS X version 10.9.1 and is resolved by version 10.9.2, emerged on Friday after the company patched essentially the same bug in its iOS mobile operating system.
On unpatched systems, the bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, according to an analysis performed by security researcher Adam Langley. Langley says the problem arose from the way the certificate validation code processed two failures in a row.
“This signature verification is checking the signature in a ServerKeyExchange message. This is used in DHE and ECDHE ciphersuites to communicate the ephemeral key for the connection. The server is saying ‘here’s the ephemeral key and here’s a signature, from my certificate, so you know that it’s from me’,” Langley wrote in his analysis. “Now, if the link between the ephemeral key and the certificate chain is broken, then everything falls apart. It’s possible to send a correct certificate chain to the client, but sign the handshake with the wrong private key, or not sign it at all! There’s no proof that the server possesses the private key matching the public key in its certificate.”
Apple made the update that fixes this and a number of other bugs available a few hours ago. Apple warns that an attacker with a privileged network position can capture or modify data in sessions that should be protected by SSL or TLS on unpatched systems. Apple attributes the issue to a failure on the part of its secure transport mechanism to validate the authenticity of the connection. They claim to have resolved the problem by restoring certain validation steps that had been missing.
Due to the nature of the bug, Langely said certificate pinning – a defensive method that gives browsers the ability to associate a specific certificate with a specific site, thus preventing man-in-the-middle attacks – likely would not have any impact on this flaw, because there is no problem with the certificate itself:
“Because the certificate chain is correct and it’s the link from the handshake to that chain which is broken, I don’t believe any sort of certificate pinning would have stopped this.”
Another group of researchers from the security company CrowdStrike also looked at the code and noted that potential exploits of this vulnerability could include interception of sessions with webmail services, or any other SSL-protected sites.
“Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake,” reads the CrowdStrike analysis. “This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).”
The CrowdStrike researchers said that finding non-encrypted packet data in the SSL/TLS handshake could be indicative of exploit attempts targeting this vulnerability.
Of course, this certificate-validation problem is not the sole security fix issued by Apple today, who is well known for publishing long and pedantic security updates. Other updates include fixes for:
- a number of Apache vulnerabilities;
- a memory corruption problem related to the handling of type 1 fonts;
- a few application sandbox bypasses;
- the root certificate system;
- a buffer overflow that could allow for arbitrary code execution in CoreAnimation;
- a signedness issue in CoreText’s handling of unicode fonts that could lead to arbitrary code execution or unexpected application termination;
- a credential intercept for anyone using curl to connect to an HTTPS URL containing an IP address;
- a bug that could allow an attacker to take control of the system clock;
- an issue in finder that could permit unauthorized access to certain files;
- a memory leak problem spurred by maliciously crafted JPEGs;
- an issue with the NVIDIA drivers through which the execution of a malicious application could result in arbitrary code execution within the graphics card;
- multiple PHP vulnerabilities;
- a double free bug that existed in QuickLook that could be exploited to result in an unexpected application termination or arbitrary code execution if an attacker dowloaded a maliciously crafted Microsoft Word document;
- a handful of QuickTime bugs that could lead to application termination or arbitrary code execution;
- and a whole slew of problems affecting users that have not yet updated to the latest Mavericks iteration of OS X.
You can examine the full security contents of the update here.