Apple has quietly pushed out a security update to iOS, the operating system used by its flagship iPhone and iPad products.
This security update provides a fix for SSL connection verification.
To the average person in the street that reads like gobbledygook. Apple might as well have said "This security update provides arfle barfle gloop chihuahua hatstand".
But it's actually really important that you update your iPhones and iPads as quickly as possible.
Because what Apple says it has fixed is actually a critical vulnerability that could allow hackers to intercept what should have been secure communications between your iPhone and SSL-protected websites. That means, potentially, online attackers could grab your userid or passwords as you attempted to log into popular websites.
Security researchers at CrowdStrike have published a blog post where they not only describe how the attack can be exploited by hackers, but also warn that the flaw also exists in Mac OS X:
To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).
It's easy to imagine attackers exploiting the vulnerability to intercept victim's web sessions as they connect with their webmail, or indeed any other SSL-protected site.
For the curious, Google engineer Adam Langley has described how the bug occurred in some detail on his blog.
Here is the offending section of Apple's source code:
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
uint8_t *signature, UInt16 signatureLen)
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
Did you spot the two "goto fail" lines in the code? One immediately after the other?
The first one is in the right place, but the second definitely shouldn't be there. That duplicate line of code messes up the code's execution, meaning that a critical authentication check doesn't occur.
A computer programmer's fumble at the keyboard has put the privacy of millions of iPhone and iPad users at risk. Whoever made that mistake must be feeling pretty bad right now.
Fortunately, Apple has now spotted the problem and fixed it (all you need to do is install the update on your iPhone or iPad by visiting Settings / General / Software Update).
Owners of older iDevices should update to iOS 6.1.6, and there has also reportedly been a software update pushed out for Apple TV too.
But iOS's cousin, Mac OS X, is also vulnerable to the same shocking privacy flaw. And there is no fix for those affected desktop and laptop computers yet.
Websites like gotofail.com have already sprung up, making it easy for users to test whether their computers and devices are at risk, and whether online criminals could theoretically be spying upon them.
Here's what happened when I visited gotofail.com on a computer running Apple's Safari browser on Mac OS X Mavericks:
Let's hope that Apple pushes out a fix soon for Mac OS X users, and that their testing will be more extensive in future to avoid such serious bugs shipping in future.