Kenneth van Wyk: Apple's big fail

It's disturbing that Apple would release an essential fix for iOS while ignoring the exact same problem in OS X

Goto fail. Go directly to fail. Do not pass go.

What the heck does that mean, you may ask? Well, on Friday, Apple issued an update to iOS, version 7.0.6. The update was issued with the very intriguing text, "This security update provides a fix for SSL connection verification." Now, to many consumers, this no doubt seemed like gibberish, so I imagine many people glossed over it and didn't take it seriously.

To the security community, on the other hand, these words had fail written all over them. Indeed, it didn't take the community long to dig deeper into what was going on.

Over the weekend, a Google engineer (Adam Langley) published some additional details. The problem lies in a small piece of Apple's open-source published code:

    SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                     uint8_t *signature, UInt16 signatureLen)
    {
        OSStatus err;
        ...

        if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
            goto fail;
            goto fail;
        if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
            goto fail;
        ...

    fail:
        SSLFreeBuffer(&signedHashes);
        SSLFreeBuffer(&hashCtx);
        return err;
    }

Notice the two consecutive lines there that read "goto fail"? Well, there should only be one of them. In fact, the second one causes every execution of this code to jump to "fail:" below, thereby failing to properly validate an SSL connection. (There was other code as well, but this second "goto fail" is where the problem crept in.)
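The effect of the duplicated line, reduced to a model that compiles and runs (an added example, not Apple's code and not part of the original column). The helpers hash_update, hash_final and check_signature are hypothetical stand-ins for the steps elided above, and a return value of 0 means the signature was accepted.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: the hash steps succeed (return 0), as they do in a
   normal handshake; check_signature is the only step that can reject a
   forged key exchange. */
static int hash_update(const char *data) { (void)data; return 0; }
static int hash_final(void) { return 0; }
static int check_signature(const char *sig) {
    return strcmp(sig, "valid-signature") == 0 ? 0 : -1;
}

/* Same control flow as the snippet: the second goto is not guarded by the
   if above it, so it is always taken while err is still 0. */
int verify_buggy(const char *params, const char *sig) {
    int err;
    if ((err = hash_update("serverRandom")) != 0)
        goto fail;
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;
    if ((err = hash_final()) != 0)
        goto fail;
    err = check_signature(sig);   /* never reached */
fail:
    return err;                   /* 0: caller treats the signature as good */
}

/* Corrected form with braces on every branch: a duplicated goto inside the
   braces would be dead code instead of an unconditional jump. */
int verify_fixed(const char *params, const char *sig) {
    int err;
    if ((err = hash_update("serverRandom")) != 0) { goto fail; }
    if ((err = hash_update(params)) != 0) { goto fail; }
    if ((err = hash_final()) != 0) { goto fail; }
    err = check_signature(sig);
fail:
    return err;
}

int main(void) {
    printf("buggy, forged signature: %d\n", verify_buggy("params", "forged"));
    printf("fixed, forged signature: %d\n", verify_fixed("params", "forged"));
    printf("fixed, valid signature:  %d\n", verify_fixed("params", "valid-signature"));
    return 0;
}
```

Compiling verify_buggy with Clang's -Wunreachable-code reports the statements after the duplicated goto as code that will never execute, and a regression test that feeds the verifier a forged signature and expects a nonzero result fails on it immediately.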

The result? An attacker could successfully perpetrate a man-in-the-middle attack on any piece of software that used Apple's SSLVerifySignedServerKeyExchange method to test the validity of an SSL connection. Hint: the list is long.

Goto fail indeed.

But so Apple issued a patch, right? So what's the big deal? Well, according to Langley, the problem also affects OS X up to and including the current version 10.9.1. Uh-oh...

That is where the real fail lies, notwithstanding the extra "fail" in the source code.

I'm writing this on Monday morning, Feb. 24, and as of this moment, we still have a vulnerable OS X with no official patch from Apple. That's a lot of vulnerable Macs out there, folks.

Some folks are citing an unofficial patch, which may or may not work fine, but I'm disinclined to deploy or suggest to anyone (other than perhaps a software techie who wants to experiment) to deploy an unofficial patch.

I find myself simply scratching my head and wondering why Apple would release an iOS patch in the absence of an OS X patch, since both systems were affected by the same bug.

Why on earth wouldn't the iOS and OS X team coordinate a single release of both patches? Could it be there's an ongoing attack on iOS that I'm not aware of? Perhaps. Could it be that the iOS security team and the OS X security team are incapable of any meaningful collaboration on such a bug and patch? I have to say I'm more inclined to accept the latter explanation, sadly. I sincerely hope I'm wrong.

For that matter, I'm also more than slightly troubled that a bug like this, which appears to be nothing more than a simple human coding mistake, could go unnoticed during a static code analysis or security testing of the code. After all, we're talking about some hugely sensitive security code. SSL connection verifiers should undergo extensive code review as well as testing. Every logical aspect of that code should be tested using fuzzing and other security testing methodologies that are well known and accepted in the software security community.

Anyone who has read more than a couple of my columns shouldn't be surprised to hear that I'm a fairly heavy Apple user. I use a pretty full suite of Apple kit in my work, from my iPhone 5S to my iPad "3" and my MacBook Pro -- without a doubt the best laptop I've ever experienced.

Apple has not done us users any favors in how it has chosen to fix this bug. Patching iOS and leaving OS X vulnerable is at best highly unprofessional. Shame on Apple!

Goto fail indeed. Go directly to fail. Do not pass go. Do not collect $200.

With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University's CERT/CC, the U.S. Department of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC in Alexandria, Va.
