On February 21st, 2014 Apple pushed out an emergency SSL security update for iOS (7.0.6). John Costello, CrowdStrike’s Sr. SDET Engineer, and myself reverse engineered the binary patches in order to analyze the vulnerability and its full impact. Given the fact that the patches are not yet available for all impacted systems, we are not yet publishing full technical details of this vulnerability so as not to make life easier for attackers. However, we decided to release some additional information in the Q&A below in order to educate the community about the level of risk this vulnerability represents.
Visual analysis of the differences between the vulnerable and patched code
The currently released patch is only available for the iOS platform. Is OS X also affected?
YES, the vulnerability affects both the iOS and OS X operating systems
When is the OS X Update coming?
We expect Apple to release an update soon.
How does the attack work?
To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).
Does Certificate Pinning mitigate the issue?
Certificate pinning is a hardening mechanism whereby systems can avoid relying on all of the Certificate Authorities in the system trust. So if an attack happens against a particular CA and their keys are compromised, systems employing pinning with an unrelated certificate will not be affected.
From our investigations it unfortunately does not appear likely that certificate pinning would mitigate against this vulnerability.
Is OpenSSL Affected?
Not as far as we are aware.
How can I detect this?
Due to the nature of the attack, non-encrypted packet data in the initial SSL/TLS handshake will reveal malicious activity exploiting this information. With appropriate confidentiality protections for responsible disclosure, we are happy to have more detailed direct conversations with trusted entities about this vulnerability. Please contact us at firstname.lastname@example.org for deeper discussions.
Are Software Update Mechanisms affected?
To some degree, yes. Software update mechanisms which download and execute code without cryptographically verifying signatures of the downloaded code may be exploitable. However, update mechanisms which correctly employ signature verification of downloaded contents are less likely to be exploitable by this vulnerability.
Update your Apple devices and systems as soon as possible to the latest available versions. Do not use untrusted networks (especially WiFi) while traveling, until you can update the devices from a trusted network. On unpatched mobile and laptop devices, set “Ask to Join Networks” setting to OFF, which will prevent them from showing prompts to connect to untrusted networks.