Apple on Friday revealed a major SSL (Secure Sockets Layer) vulnerability in its software that affects all devices, allowing hackers to intercept and alter communications such as email and login credentials for countless Apple hardware users.
A new version of Apple's iOS for its tablets and phones was rushed out the door Friday to patch the vulnerability, wherein its mobile, tablet and desktop software is not doing SSL/TLS hostname checking: communications meant to be encrypted are not.
Imperial Violet has details on the bug itself:
The patch has only been issued for the more recent iPhones (4 and later), iPod touch (5th generation) and iPad (2nd generation).
Security researchers across several communities believe that Mac computers are even more exposed, as they are currently left hanging without a patch.
If you're worried your system may be affected, follow the link above to Imperial Violet, who has created a tool to do a quick check.
So here's the Apple bug:

    static OSStatus
    SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                     uint8_t *signature, UInt16 signatureLen)
    {
        OSStatus err;
        ...
        if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
            goto fail;
            goto fail;
        if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
            goto fail;
        ...
    fail:
        SSLFreeBuffer(&signedHashes);
        SSLFreeBuffer(&hashCtx);
        return err;
    }

(Quoted from Apple's published source code.)
Note the two goto fail lines in a row. The first one is correctly bound to the if statement but the second, despite the indentation, isn't conditional at all. The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail.
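The control-flow mistake described above, reduced to a self-contained C program next to a hardened form (an added example, not Apple's code). hash_update, check_signature and both verify functions are hypothetical stand-ins, and the strings are constructed inputs.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the hash-update and signature-check steps. */
static int hash_update(const char *data) { return data != NULL ? 0 : -1; }
static int check_signature(const char *sig, const char *expected) {
    return strcmp(sig, expected) == 0 ? 0 : -1;
}

/* Same control flow as the quoted function: the duplicated goto is not
 * guarded by the if, so the signature check below it never runs. */
int verify_buggy(const char *params, const char *sig, const char *expected) {
    int err;
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;              /* always taken, with err == 0 */
    if ((err = check_signature(sig, expected)) != 0)
        goto fail;
fail:
    return err;
}

/* Hardened form: braces on every branch, and the result starts as failure
 * so an early exit can never be reported as success. */
int verify_fixed(const char *params, const char *sig, const char *expected) {
    int result = -1;
    if (hash_update(params) != 0) {
        goto done;
    }
    if (check_signature(sig, expected) != 0) {
        goto done;
    }
    result = 0;                 /* reached only after every check passed */
done:
    return result;
}

int main(void) {
    /* Constructed inputs: "forged" does not match the expected signature. */
    printf("buggy, forged signature: %d\n", verify_buggy("params", "forged", "valid"));
    printf("fixed, forged signature: %d\n", verify_fixed("params", "forged", "valid"));
    printf("fixed, valid signature:  %d\n", verify_fixed("params", "valid", "valid"));
    return 0;
}
```

Compilers can flag this pattern at build time: GCC's -Wmisleading-indentation (enabled by -Wall) warns about the duplicated line, and Clang's -Wunreachable-code reports the check that can never run.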
Source: http://blog.agupieware.com/2014/02/goto-fail-apple-ios-compromises-ssl.html