Adam Langley explained the reasons for the bug in iOS: an extra line of code broke all security
Yesterday, Apple released iOS 7.0.6 security update for iPhone 4 and later, iPod touch 5th generation and iPad 2+. At the same time, a similar patch 6.1.6 for iPhone 3GS and iPod touch 4th generation was released.
The update closes the vulnerability CVE-2014-1266, which allows an attacker from a "privileged position on the network" to intercept and modify packets in sessions protected by SSL / TLS . We are talking about MiTM-attack with the substitution of traffic.
In a concise explanation, Apple says that when setting up a secure connection over SSL / TLS, the system is unable to determine the authenticity of the connection. The problem was solved by “adding missing validation steps”.
Although the laconic description is not entirely clear what particular “stages” were not enough, but we can say that there is no complete protection of the connections. One way or another, the absence of the necessary authentication steps means that, in the past, all third-party Apple devices probably could have installed fake / modified OS updates on users' smartphones and tablets.
')
Today, the famous cryptographer Adam Langley published an article with an analysis of the bug in iOS. He drew attention to the difference in the OS X 10.8.5 (Security-55179.13) and 10.9 (Security-55471) code, where the same bug was probably fixed.
Actually, here it is.
fail:
Apple.
ServerKeyExchange, DHE ECDHE . : « , , , ». Apple, , . : , , ! , , , .
, , iOS 7.0.5 OS X 10.9.1 .
The update closes the vulnerability CVE-2014-1266, which allows an attacker from a "privileged position on the network" to intercept and modify packets in sessions protected by SSL / TLS . We are talking about MiTM-attack with the substitution of traffic.
In a concise explanation, Apple says that when setting up a secure connection over SSL / TLS, the system is unable to determine the authenticity of the connection. The problem was solved by “adding missing validation steps”.
Although the laconic description is not entirely clear what particular “stages” were not enough, but we can say that there is no complete protection of the connections. One way or another, the absence of the necessary authentication steps means that, in the past, all third-party Apple devices probably could have installed fake / modified OS updates on users' smartphones and tablets.
')
Today, the famous cryptographer Adam Langley published an article with an analysis of the bug in iOS. He drew attention to the difference in the OS X 10.8.5 (Security-55179.13) and 10.9 (Security-55471) code, where the same bug was probably fixed.
Actually, here it is.
static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
uint8_t *signature, UInt16 signatureLen)
{
OSStatus err;
...
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
goto fail;
... fail:
SSLFreeBuffer(&signedHashes);
SSLFreeBuffer(&hashCtx);
return err;
}Apple.
goto fail . if, . , , goto fail. err , SHA1 «».ServerKeyExchange, DHE ECDHE . : « , , , ». Apple, , . : , , ! , , , .
, , iOS 7.0.5 OS X 10.9.1 .
Source: https://habr.com/ru/post/213525/
All Articles