10:30 ET, 28 February 2014

Apple released a security update to iOS that restores some certificate-validation checks that had apparently been missing for an unspecified amount of time.

Last week Apple released a security update to iOS (iOS 7.06) to fix a flaw for certificate-validation checks that could be abused by attackers to conduct a man-in-the-middle attack within the victim’s network  to capture or modify data even if protected by SSL/TLS.

In reality the checks were present in past versions, but they were not included in the recent version of the operating system for an unspecified amount of time.

“iOS 7.0.6 Data Security

Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps. CVE-ID CVE-2014-1266” is reported by Apple as further specification for the update released.  

Apple confirmed that last update resolves a problem with the way that iOS imlements certificate validation for a secure connection, it also added that the fix was possible restoring missing validation steps. The above statement is disconcerting, because in an historical moment when the user’s privacy always under discussion, the company accidentally forgot to include a key control that was present in the past.

a1

At the moment there is no information regarding the exact release that missed the precious controls, but there are no doubts about the severity of the flaw that could allow attackers to intercept communications that are meant to be encrypted in iPhone, iPad and Mac computer.

To give an idea of the impact to also to non-experts we must remark that an attacker accesses to the same network of the victim could intercept protected communication between the user and sites such as Gmail that implements SSL/TLS.

Who would benefit from such a vulnerability?

Of course any intelligence agency that need to hack user’s communication, even is they are protected with SSL/TLS.

Resuming, which is the attack scenario?

“To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).” explained John Costello, Security Researcher at CrowdStrike said in a blog post.

Researcher Adam Langley conducted an interesting analysis of the flaw Apple OS X confirming it affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all.

“This signature verification is checking the signature in a ServerKeyExchange message. This is used in DHE and ECDHE ciphersuites to communicate the ephemeral key for the connection. The server is saying ‘here’s the ephemeral key and here’s a signature, from my certificate, so you know that it’s from me’,” “Now, if the link between the ephemeral key and the certificate chain is broken, then everything falls apart. It’s possible to send a correct certificate chain to the client, but sign the handshake with the wrong private key, or not sign it at all! There’s no proof that the server possesses the private key matching the public key in its certificate.” Langley wrote in his analysis.

Langley has published a test site that allow Apple users to verify is their product are vulnerable.

“I coded up a very quick test site at https://www.imperialviolet.org:1266. Note the port number (which is the CVE number), the normal site is running on port 443 and that is expected to work. On port 1266 the server is sending the same certificates but signing with a completely different key. If you can load an HTTPS site on port 1266 then you have this bug.”

To Check if your browser is vulnerable to SSL flaw you can also visit another website Clicking here.

Apple also released iOS 6.1.6 an Apple TV update to fix the same vulnerability, I strongly suggest you to update your Apple products to the last versions!

Pierluigi Paganini

(Editor-In-Chief, CDM)

rsa-logo