Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no Heartbleed
Triple-handshake flaw stalks Macs and iThings
Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs.
Apple's "triple handshake" bug [CVE-2014-1295, advisory] is unrelated to Heartbleed, and nothing like as serious, according to security experts. For one thing, Heartbleed is a problem in OpenSSL versions 1.0.1 to 1.0.1f, whereas Apple uses its own implementation of SSL/TLS, called Secure Transport, and provides an older OpenSSL library just in case.
"Apple ships with OpenSSL 0.9.8, a version that is not affected by Heartbleed," confirmed Wolfgang Kandek, CTO at cloud security firm Qualys, in a blog post.
Matthew Green, a professor of computer science who teaches cryptography at Johns Hopkins University in Maryland, US, commented: "The SSL patch in the new Apple update fixes a subtle issue with client authentication. Not too terrifying."
What is a triple-handshake vulnerability?
In Apple's words, the bug can be exploited thus:
In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other.
To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.
This vulnerability was assigned CVE-2014-1295 on 8 January, 2014, and is linked to the triple handshake design flaws in the SSL/TLS protocol that were publicly documented in early March by Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Alfredo Pironti and Pierre-Yves Strub (see Register passim).
Apple was privately warned of the vulnerabilities by the aforementioned researchers on 10 January, we're told. Yesterday's security update for Secure Transport "fixes renegotiation and header truncation issues", according to the triple-handshake team; the iPhone maker duly credited the Paris-based researchers in its advisory this week.
"To summarize the attacks briefly, if a TLS client connects to a malicious server and presents a client credential, the server can then impersonate the client at any other server that accepts the same credential," the team wrote on its website about the problem back in March.
(It's worth noting that the developers behind Chrome, Opera, Android, Firefox, and Internet Explorer were also notified of triple-handshake flaws in their software – some as early as October – and have patched, or are patching, accordingly. OpenSSL is "not directly affected", said the researchers.)
OS X update roundup
Apple published updates for Mac OS X 10.7 (Lion), 10.8 (Mountain Lion) and 10.9 (Mavericks) on Tuesday: these tackle a JPEG handling flaw in Mavericks that poses a code injection risk, and a format string issue in the URL handling that poses an identical type of remote-code exception threat in Mac OS X 10.9. Another patch tackles a PDF font parsing vulnerability that can be exploited by hackers to run malware on Mac OS X 10.8 machines.
Lastly, on the desktop front, there're patches for a lesser sandbox escape vulnerability in 10.8 (Mountain Lion) and 10.9 (Mavericks).
Apple also published a new version of iOS, namely version 7.1.1, that addresses some of the same issues. These various updates to Apple's computer and smartphone software, which include performance tweaks, are covered in greater depth in our earlier story here. ®