![]() a handful of QuickTime bugs that could lead to application termination or arbitrary code execution.a double free bug that existed in QuickLook that could be exploited to result in an unexpected application termination or arbitrary code execution if an attacker dowloaded a maliciously crafted Microsoft Word document. ![]() an issue with the NVIDIA drivers through which the execution of a malicious application could result in arbitrary code execution within the graphics card.a memory leak problem spurred by maliciously crafted JPEGs.an issue in finder that could permit unauthorized access to certain files.a bug that could allow an attacker to take control of the system clock.a credential intercept for anyone using curl to connect to an HTTPS URL containing an IP address.a signedness issue in CoreText’s handling of unicode fonts that could lead to arbitrary code execution or unexpected application termination.a buffer overflow that could allow for arbitrary code execution in CoreAnimation.a memory corruption problem related to the handling of type 1 fonts.Of course, this certificate-validation problem is not the sole security fix issued by Apple today, who is well known for publishing long and pedantic security updates. The CrowdStrike researchers said that finding non-encrypted packet data in the SSL/TLS handshake could be indicative of exploit attempts targeting this vulnerability. “This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).” “Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake,” reads the CrowdStrike analysis. “Because the certificate chain is correct and it’s the link from the handshake to that chain which is broken, I don’t believe any sort of certificate pinning would have stopped this.”Īnother group of researchers from the security company CrowdStrike also looked at the code and noted that potential exploits of this vulnerability could include interception of sessions with webmail services, or any other SSL-protected sites. They claim to have resolved the problem by restoring certain validation steps that had been missing.ĭue to the nature of the bug, Langely said certificate pinning – a defensive method that gives browsers the ability to associate a specific certificate with a specific site, thus preventing man-in-the-middle attacks – likely would not have any impact on this flaw, because there is no problem with the certificate itself: Apple attributes the issue to a failure on the part of its secure transport mechanism to validate the authenticity of the connection. Apple warns that an attacker with a privileged network position can capture or modify data in sessions that should be protected by SSL or TLS on unpatched systems. It’s possible to send a correct certificate chain to the client, but sign the handshake with the wrong private key, or not sign it at all! There’s no proof that the server possesses the private key matching the public key in its certificate.”Īpple made the update that fixes this and a number of other bugs available a few hours ago. “Now, if the link between the ephemeral key and the certificate chain is broken, then everything falls apart. The server is saying ‘here’s the ephemeral key and here’s a signature, from my certificate, so you know that it’s from me’,” Langley wrote in his analysis. This is used in DHE and ECDHE ciphersuites to communicate the ephemeral key for the connection. “This signature verification is checking the signature in a ServerKeyExchange message. Langley says the problem arose from the way the certificate validation code processed two failures in a row. On unpatched systems, the bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, according to an analysis performed by security researcher Adam Langley. Apple today shipped a security update resolving a critical certificate-validation vulnerability in its OS X Mavericks operating system.ĭetails of the bug, which exists in OS X version 10.9.1 and is resolved by version 10.9.2, emerged on Friday after the company patched essentially the same bug in its iOS mobile operating system.
0 Comments
Leave a Reply. |