Apple SSL Vulnerability Affects OSX Too

The certificate-validation vulnerability that Apple patched in iOS yesterday also affected Mac OS X up to 10.9.1, the current version.

The certificate-validation vulnerability that Apple patched in iOS yesterday also affected Mac OS X up to 10.9.1, the current version. Several security researchers analyzed the patch and looked at the code in question in OS X and found that the same error exists there as in iOS.

Researcher Adam Langley did an analysis of the vulnerable code in OS X and said that the issue lies in the way that the code handles a pair of failures in a row. The bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, Langley found.

“This signature verification is checking the signature in a ServerKeyExchange message. This is used in DHE and ECDHE ciphersuites to communicate the ephemeral key for the connection. The server is saying ‘here’s the ephemeral key and here’s a signature, from my certificate, so you know that it’s from me’,” Langley wrote in his analysis. “Now, if the link between the ephemeral key and the certificate chain is broken, then everything falls apart. It’s possible to send a correct certificate chain to the client, but sign the handshake with the wrong private key, or not sign it at all! There’s no proof that the server possesses the private key matching the public key in its certificate.”

Some users are reporting that Apple is rolling out a patch for his vulnerability in OS X, but it has not shown up for all users as yet. Langley has published a test site that will show OS X users whether their machines are vulnerable.

He points out that because of the nature of the bug, certificate pinning likely would not have had any effect on this vulnerability. Certificate pinning allows clients such as browsers to specify the exact certificate that they associate with a given site, helping to prevent man-in-the-middle attacks. But in this case, there’s no problem with the certificate itself.

“Because the certificate chain is correct and it’s the link from the handshake to that chain which is broken, I don’t believe any sort of certificate pinning would have stopped this. Also, this doesn’t only affect sites using DHE or ECDHE ciphersuites – the attacker gets to choose the ciphersuite in this case and will choose the one that works for them,” Langley said.

Researchers at CrowdStrike also looked at the code, and said that likely attack scenarios could include interception of sessions with webmail services, or any other SSL-protected site, for that matter.

“Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system),” their analysis says.

The CrowdStrike researchers said that finding non-encrypted packet data in the SSL/TLS handshake could be an indication of exploit attempts against this vulnerability.

Suggested articles


  • hank on

    > Langley has published a test site And what should one see clicking that link?
  • Jay on

    This would affect SSL for web browsers, email servers, calendar syncing, everything using SSL on OS X correct? Do you know which versions of OS X are affected?
  • Peter Gillespie on

    "Dennis Fisher is a journalist with more than 13 years of experience covering information security." Has he found any yet?
  • Thomas H. on

    I suppose, that the test site would come up only if the OS is affected by the security bug? For me it does not. I use Firefox on OS X 10.6.8
  • BlackCat on

    Unpatched iOS 6 & 7 and 10.9+ are currently vulnerable. Avoid any programs that use SSL from Apple, like Safari, Mail etc. Firefox and Thunderbird are fine as they use another method to verify certificates. What is shocking about this is multiple code checks should have easily picked up this cut and paste mistake. What I think we are seeing here is deliberate sabotage or worse, collaboration with the NSA to introduce a flaw and if ever discovered would be attributed to human error. Apple hires fresh cheap coders out of college then pressures and scares the hell out of them into silent obedience less they lose their lucrative jobs and/or be sued into poverty. Not many people remain at the company longer than 5 years, turnover is intentionally very high. It's a rather fertile environment for all sorts of underhanded behavior and security mistakes to occur. Now researchers found yet another iOS vulnerability, apparently background running apps can record all keystrokes and send them to a remote server. This is yet another of a long line of basic common sense security mistakes made by the company. Unix can only protect so much, it can't protect against stupidity.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.