Major Security Flaw in Apple iOS and Apple OS X, Involves Fundamental TLS / SSL Security Protocols
Apple Core Rot, security, OS X, iOS
UPDATE: OS X 10.9.2 is out with a fix for the TLS/SSL bug.
Apple has plenty of engineers for eye candy and destructive changes to usability.
But what about real usability, respect for compatibility and just plain fixing bugs? OS X Mavericks introduces more new bugs than I have ever seen in an OS release (including a new file system hang that I personally encountered*.
But that’s all trivial stuff in context—
In a nutshell, this particular bug allows a MITM attack (man in the middle); an attacker can interpose between the two ends, fooling each into believing the conversation is direct, undetected by both, capture everything in unencrypted form.
This exploit is made possible by the failure to validate the certificate (the nature of the Apple bug), that validation step being fundamental to the security. It is so critical and fundamental that no implementation could reasonably be released without a test suite to validate that it functions properly, well that’s my view when tens of millions of devices are in use. Obviously, Apple did not have that test suite in place.
The bug is so simple that it’s surprising a compiler warning was not issued: a 'goto' statement in the middle of a series of 'if' statements. With security code, one ought to enable all the warnings and have rigorous code-review processes in place.
What’s puzzling is given that the bug is trivially simple to fix (take out the errant 'goto'), Apple still has not issued an OS X fix. Fix the bug, and get that test suite written yesterday Apple.
“researchers faulted Apple for inadequate testing” 
This one is unforgiveable**. It could have compromised interactions with tens of millions of devices, had hackers exploited it (have they?), and that fact remains true for some time to come because plenty of people won’t update their devices and OS X doesn’t even have a fix as this was written.
You just don’t break a core security protocol like this. Who is in charge over there? Test suites should validate such stuff; it’s not exactly a new protocol. Heads ought to roll on this one and right up to high levels perhaps.
A security fix is in iOS 7.0.6 which is now available (affects iOS 6 also, v6.1.6 might fix it). Apple is mum on the full timeline and extent of the issue. See http://support.apple.com/kb/HT6147.
* Engineers at Apple have yet to test the Mavericks file system hang I reported, which is reproducible by highly competent other parties using different gear. I’ve filed a Bug Reporter bug and given specific instructions for a 100% reproducible test taking 5 minutes, but so far the response amounts to no action. I see it as indicative of serious internal issues at Apple in quality control.
** Your author worked for at time at Pretty Good Privacy (PGP), is familiar with TLS/SSL, and has implemented SSL on server software.
OS X is affected and a fix is yet to arrive
UPDATE: OS X has the same flaw and a fix HAS NOT been issued as of Feb 22. Which means that hackers everywhere are game to exploit this while they can. Details at Reuters.
Apple released a fix Friday afternoon for the mobile devices running iOS, and most will update automatically. Once that fix came out, experts dissected it and saw the same fundamental issue in the operating system for Apple's mainstream computers.
That started a race, as intelligence agencies and criminals will try to write programs that take advantage of the flaw on Macs before Apple pushes out the fix for them.
The flaw is so odd in retrospect that researchers faulted Apple for inadequate testing and some speculated that it had been introduced deliberately, either by a rogue engineer or a spy. Former intelligence operatives said that the best "back doors" often look like mistakes.
The bug has been present for months, according to researchers who tested earlier versions of Apple's software. No one had publicly reported it before, which means that any knowledge of it was tightly held and that there is a chance it hadn't been used
The issue is a "fundamental bug in Apple's SSL implementation," said Dmitri Alperovitch, chief technology officer at security firm CrowdStrike Inc
NOTE: “researchers faulted Apple for inadequate testing”.
Big surprise? Hardly. I noticed this starting years ago, and it’s why I wrote Apple Core Rot a little over a year ago; it just became so obvious that software quality was being compromised in so many ways. It’s one reason why Apple’s proprietary hidden code presents a very serious concern in a worldwide sense up to and including the spectre of a national security threat: one vendor with a proven track record of extreme secrecy depended upon by tens of millions of users, if not more. Open source can be examined by experts; closed source code cannot.
BTW, it is NOT true that iOS devices update automatically. Mine didn’t; I had to connect them up, launch iTunes and make it happen. I have a friend with iPhones who doesn’t even get it near a computer or WiFi for months = no update. He can’t be alone.
This kind of flaw makes the Target fiasco look like a minor spat in a kiddie sandbox: the effects of a TSL/SSL compromise in Apple iOS and OS X are worldwide and could be devastating if exploited properly by opportunistic hackers. What is Apple’s liability if something happens, e.g., access to Citbank, Chase, Schwab, and similar financial sites?
Moreover, the ramifications extend well beyond now and well beyond a fix: systems compromised by this bug could harbor malware lying in wait undetected. It is a very ugly potentiality. It’s not just about your access, it’s about that financial institution employee whose system was compromised... an employee with access to critical systems. Ditto for internet service providers. I wonder if anyone in the military uses an iPhone or iPad or Mac?
It’s not clear at all if use of Google Chrome or Mozilla Firefox avoids the security issue, but Apple kicks Mac users in the teeth by not IMMEDIATELY making that point clear (so users can avoid Safari). Apple should be on paid television telling users exactly how to safeguard their internet use, how to play it safe. It’s unconscionable. The core rot extends to ethics apparently.
Wow. It’s a huge prize and if hackers everywhere aren’t salivating and working 24 X 7 on this gift from heaven... consider that they don’t have to compromise your Mac or iOS device, they just have to compromise the right accounts at the right companies, insert their hooks and all heck could break loose in the Garden of Apple.
Is the 'cloud' and swarms of devices attached to it an inherently flawed design ?
Your author worked for a few years at PGP, where security does not rely on a single certificate authority (“web of trust”). Unfortunately, the world adopted the hierarchical X509 system, which fails utterly when any top level signer is compromised, and forces users into no backstop (no ability to require more than one signer). The hierarchical vs distributed trust model is not the issue per se here, but it is related in that the bug involves failing to check the certificates properly. Moreover, a cloud-based future makes distributed trust (more than one signer) the only really intelligent choice, just in case an authority is compromised (and that has happened).
In an age where millions of always-on devices are at risk, you don’t screw up fundamentally critical things like this. It’s one reason I abhor gatekeeper type services like the Apple App Store: one screwup and the entire system is at risk worldwide for tens or hundreds of millions of devices. I wrote about this months ago, and while some readers poo-pooed my remarks as alarmist, I repeat that warning even more emphatically now.
It's a near certainty that the NSA has had that exploit at its disposal for a while, and the NSA sniffs the backbone of the internet, so it is perfectly situated for a MITM exploit (and surely has a well developed kit of tools to do just that). Other spy agencies or simply sophisticated hackers with compromises to backbone systems, or at least wireless networks are hardly to be ruled out, which puts them into a nifty position also. When TLS/SSL is undermined, the entire internet is undermined.
Joshua C writes:
Just noting that iOS 6.1.6 also addresses this fix. So it's not just limited to iOS 7 and therefore goes a ways back.
MPG: the TLS/SSL protocol has been around a while. It is unconscionable to see such a basic check on a key underpinning (signature checking on certificates) not incorporated into a validation test suite. Put plainly, it is gross incompetence. It is so unbelievable that one might contemplate the “deliberate action” or “intentional” scenarios. I wouldn’t want to be the engineer who committed that source code change into the SCC system.