Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no Heartbleed

Triple-handshake flaw stalks Macs and iThings

Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs.

The so-called "triple handshake" flaw quietly emerged yesterday amid panic over OpenSSL's Heartbleed vulnerability, and soon after the embarrassing "goto fail" blunder in iOS and OS X.

Apple's "triple handshake" bug [CVE-2014-1295, advisory] is unrelated to Heartbleed, and nothing like as serious, according to security experts. For one thing, Heartbleed is a problem in OpenSSL versions 1.0.1 to 1.0.1f, whereas Apple uses its own implementation of SSL/TLS, called Secure Transport, and provides an older OpenSSL library just in case.

"Apple ships with OpenSSL 0.9.8, a version that is not affected by Heartbleed," confirmed Wolfgang Kandek, CTO at cloud security firm Qualys, in a blog post.

Matthew Green, a professor of computer science who teaches cryptography at Johns Hopkins University in Maryland, US, commented: "The SSL patch in the new Apple update fixes a subtle issue with client authentication. Not too terrifying."

What is a triple-handshake vulnerability?

In Apple's words, the bug can be exploited thus:

In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other.

To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.
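The default rule Apple describes can be sketched as follows. This is an added example, not Apple's Secure Transport code or anything from the advisory: a client remembers the server certificate from the first handshake and aborts if a renegotiation presents a different one. The class, function names, the opt-out flag and the sample byte strings are hypothetical stand-ins.

```python
import hashlib
import hmac


class RenegotiationError(Exception):
    """Raised when a handshake violates the same-certificate rule."""


class RenegotiationGuard:
    """Hypothetical per-connection state; not Secure Transport's API."""

    def __init__(self, allow_cert_change=False):
        # Default mirrors the advisory: the certificate must not change.
        self.allow_cert_change = allow_cert_change
        self._pinned = None  # SHA-256 of the first leaf certificate (DER)

    def on_server_certificate(self, cert_der):
        """Call once per completed handshake with the server's leaf cert."""
        if not cert_der:
            raise RenegotiationError("handshake presented no certificate")
        digest = hashlib.sha256(cert_der).digest()
        if self._pinned is None:
            self._pinned = digest  # initial handshake: remember it
            return "initial"
        if hmac.compare_digest(self._pinned, digest):
            return "renegotiated"  # same certificate: allowed
        if self.allow_cert_change:
            self._pinned = digest  # caller opted out of the default
            return "renegotiated-new-cert"
        raise RenegotiationError("server certificate changed on renegotiation")


def run_connection(certs, allow_cert_change=False):
    """Feed the certificates presented on one connection, in order."""
    guard = RenegotiationGuard(allow_cert_change)
    outcomes = []
    for cert in certs:
        try:
            outcomes.append(guard.on_server_certificate(cert))
        except RenegotiationError as exc:
            outcomes.append("abort: " + str(exc))
            break  # the connection is torn down here
    return outcomes


# Constructed stand-ins for DER-encoded certificates (not real certificates).
SERVER_A_CERT = b"constructed-der:server-a.example"
SERVER_B_CERT = b"constructed-der:server-b.example"
```
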

This vulnerability was assigned CVE-2014-1295 on 8 January, 2014, and is linked to the triple handshake design flaws in the SSL/TLS protocol that were publicly documented in early March by Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Alfredo Pironti and Pierre-Yves Strub (see Register passim).

Apple was privately warned of the vulnerabilities by the aforementioned researchers on 10 January, we're told. Yesterday's security update for Secure Transport "fixes renegotiation and header truncation issues", according to the triple-handshake team; the iPhone maker duly credited the Paris-based researchers in its advisory this week.

"To summarize the attacks briefly, if a TLS client connects to a malicious server and presents a client credential, the server can then impersonate the client at any other server that accepts the same credential," the team wrote on its website about the problem back in March.

In the case of the buggy Secure Transport, a miscreant with access to a router or dodgy Wi-Fi point can sit between, say, a web browser and an HTTPS web server, and potentially read web pages that should otherwise be fully encrypted between the pair, or inject malicious JavaScript into the pages. HTTPS relies on SSL/TLS to protect data in transit from eavesdroppers and tamperers.

(It's worth noting that the developers behind Chrome, Opera, Android, Firefox, and Internet Explorer were also notified of triple-handshake flaws in their software – some as early as October – and have patched, or are patching, accordingly. OpenSSL is "not directly affected", said the researchers.)

OS X update roundup

Apple published updates for Mac OS X 10.7 (Lion), 10.8 (Mountain Lion) and 10.9 (Mavericks) on Tuesday: these tackle a JPEG handling flaw in Mavericks that poses a code injection risk, and a format string issue in the URL handling that poses an identical type of remote-code execution threat in Mac OS X 10.9. Another patch tackles a PDF font parsing vulnerability that can be exploited by hackers to run malware on Mac OS X 10.8 machines.

Lastly, on the desktop front, there're patches for a lesser sandbox escape vulnerability in 10.8 (Mountain Lion) and 10.9 (Mavericks).

Apple also published a new version of iOS, namely version 7.1.1, that addresses some of the same issues. These various updates to Apple's computer and smartphone software, which include performance tweaks, are covered in greater depth in our earlier story here. ®
