Behind iPhone’s Critical Security Bug, a Single Bad ‘Goto’

Some software bugs are infinitely subtle and complicated. Others are comprehensible almost at a glance to anyone who dabbled in BASIC as a kid. The iOS 7 bug is in the latter group.

Did you see it? This function is called when an iPhone connects to an encrypted site over SSL: it’s meant to verify that the encryption key is being vouched for — digitally signed — by the operator of the website.

But notice the two “goto fail” lines, one after the other. The first one belongs there. The second is a typo. That extra, duplicative line diverts the program’s execution, like a bypass stent, right past a critical authentication check. The part where the digital signature is actually checked is dead code, never reached.
Behind iPhone’s Critical Security Bug, a Single Bad ‘Goto’ | Threat Level | Wired.com.
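As an added illustration (not Apple's code, and not part of the Wired article quoted above), here is a self-contained C model of the control flow it describes. The hash and signature routines are constructed stand-ins for Secure Transport's SHA-1 and RSA/ECDSA steps, the error code and the sample ServerKeyExchange bytes are invented for the example, and `verify_buggy` / `verify_fixed` show the two shapes side by side:

```c
/* Added example, not Apple's code: a self-contained model of the duplicated
 * "goto fail" in Secure Transport's SSLVerifySignedServerKeyExchange.  The
 * hash and signature routines are constructed stand-ins for the real SHA-1
 * and RSA/ECDSA steps; only the control flow is meant to be faithful. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int OSStatus;            /* 0 means success, as in Secure Transport */
#define errSSLCrypto (-9809)     /* stand-in error code for any failed step */

/* Stand-in running hash (FNV-1a).  A NULL buffer models a failing step. */
static OSStatus hash_update(uint32_t *ctx, const uint8_t *buf, size_t len)
{
    if (buf == NULL && len != 0)
        return errSSLCrypto;
    for (size_t i = 0; i < len; i++) { *ctx ^= buf[i]; *ctx *= 16777619u; }
    return 0;
}

static OSStatus hash_final(const uint32_t *ctx, uint8_t out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = (uint8_t)(*ctx >> (24 - 8 * i));
    return 0;
}

/* Stand-in for sslRawVerify: the "signature" is valid iff it equals the digest. */
static OSStatus raw_verify(const uint8_t digest[4], const uint8_t *sig, size_t sig_len)
{
    return (sig_len == 4 && memcmp(digest, sig, 4) == 0) ? 0 : errSSLCrypto;
}

/* Vulnerable shape.  The second 'goto fail' is unconditional: err is still 0
 * from the last successful hash step, so the function returns success before
 * the digest is finalised and before raw_verify() is ever called. */
OSStatus verify_buggy(const uint8_t *server_random, size_t sr_len,
                      const uint8_t *signed_params, size_t sp_len,
                      const uint8_t *sig, size_t sig_len)
{
    OSStatus err;
    uint32_t hash_ctx = 2166136261u;
    uint8_t digest[4];
    if ((err = hash_update(&hash_ctx, server_random, sr_len)) != 0)
        goto fail;
    if ((err = hash_update(&hash_ctx, signed_params, sp_len)) != 0)
        goto fail;
        goto fail;                                  /* the duplicated line */
    if ((err = hash_final(&hash_ctx, digest)) != 0) /* dead code from here on */
        goto fail;
    err = raw_verify(digest, sig, sig_len);         /* never reached */
    if (err)
        goto fail;
fail:
    return err;
}

/* Fixed shape: identical except that the stray line is gone. */
OSStatus verify_fixed(const uint8_t *server_random, size_t sr_len,
                      const uint8_t *signed_params, size_t sp_len,
                      const uint8_t *sig, size_t sig_len)
{
    OSStatus err;
    uint32_t hash_ctx = 2166136261u;
    uint8_t digest[4];
    if ((err = hash_update(&hash_ctx, server_random, sr_len)) != 0)
        goto fail;
    if ((err = hash_update(&hash_ctx, signed_params, sp_len)) != 0)
        goto fail;
    if ((err = hash_final(&hash_ctx, digest)) != 0)
        goto fail;
    err = raw_verify(digest, sig, sig_len);
    if (err)
        goto fail;
fail:
    return err;
}

/* Constructed sample data: a fake ServerKeyExchange body and a forged signature. */
const uint8_t kServerRandom[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 };
const uint8_t kSignedParams[5] = { 'D', 'H', 'E', 'p', 'g' };
const uint8_t kForgedSig[4]    = { 0xde, 0xad, 0xbe, 0xef };

/* The one "signature" an honest server would produce for the sample data. */
const uint8_t *genuine_signature(void)
{
    static uint8_t sig[4];
    uint32_t ctx = 2166136261u;
    hash_update(&ctx, kServerRandom, sizeof kServerRandom);
    hash_update(&ctx, kSignedParams, sizeof kSignedParams);
    hash_final(&ctx, sig);
    return sig;
}

int main(void)
{
    int b = verify_buggy(kServerRandom, sizeof kServerRandom, kSignedParams,
                         sizeof kSignedParams, kForgedSig, sizeof kForgedSig) == 0;
    int f = verify_fixed(kServerRandom, sizeof kServerRandom, kSignedParams,
                         sizeof kSignedParams, kForgedSig, sizeof kForgedSig) == 0;
    printf("forged signature accepted: buggy=%s fixed=%s\n", b ? "yes" : "no", f ? "yes" : "no");
    return 0;
}
```

Note that the buggy version still returns an error when an earlier step genuinely fails; the defect is only that the success path skips the signature. Because the `if` bodies have no braces, the indentation makes the extra `goto` look conditional when it is not, which is why mandatory braces and a compiler's unreachable-code warning are the usual guards against this class of slip.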

Something just blew up. In Apple’s face. Big time.

Why Apple’s Recent Security Flaw Is So Scary.

On Friday, Apple quietly released iOS 7.0.6, explaining in a brief release note that it fixed a bug in which “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” That’s the understated version. Another way to put it? Update your iPhone right now.

Oh, and by the way, OS X has the same issues—except there’s no fix out yet.

In simple terms, someone can intercept traffic between you and the site you’re accessing, and pull off a “Man in the Middle” attack:

I could make all manner of snarky comments on this, but I won’t.
