Stefan Esser, also known as i0n1c, has made a 'quick and dirty' patch available to fix the serious SSL vulnerability that Apple just patched in iOS but has yet to fix in OS X Mavericks.
The flaw is very serious because it totally compromises the security of SSL and allows for man in the middle attack on otherwise secure SSL connections without any warning on the client side. Unfortunately it has been discovered that this vulnerability is also present in OSX Mavericks. When you look at the following code snippet that is taken from Security.framework's sslKeyExchange.c you can spot a superfluous "goto fail;" statement. This statement is executed in all cases and completely bypasses the call to sslRawVerify. This means there is actually no verification performed on the signed server key exchange.
I0n1c has released a patch for the 64bit version of the Security.framework. However, users are warned that it is experimental and shouldn't be installed on production machines.
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (4)
Comments are closed for this article.
0
ElMachoDingDong - February 24, 2014 at 8:32pm
How do I apply the patch on my computer?
0
CliveB - February 22, 2014 at 9:41pm
While Safari is vulnerable, Firefox is not per the test site.
0
gamerscul9870 - February 22, 2014 at 10:41pm
Talk about chrome or ie to fix it's leaks.
0
Mashman - February 24, 2014 at 8:55am
"simply switching browsers will not fully protect you." Taken from gotofail.com Other applications on your system such as mail, chat, financial, social networking and backup apps are also at risk.
![Apple Plans Massive 2026 Mac Overhaul With OLED MacBook Pro and Low-Cost Laptop [Report]](/images/news/99734/99734/99734-160.jpg "Apple Plans Massive 2026 Mac Overhaul With OLED MacBook Pro and Low-Cost Laptop [Report]")
![Apple Overhauls AI Strategy With Google Partnership and Two New Siri Upgrades [Report]](/images/news/99733/99733/99733-160.jpg "Apple Overhauls AI Strategy With Google Partnership and Two New Siri Upgrades [Report]")
![Apple Asks Indian Court to Block Antitrust Probe From Accessing Global Financials [Report]](/images/news/99732/99732/99732-160.jpg "Apple Asks Indian Court to Block Antitrust Probe From Accessing Global Financials [Report]")
![Intel Poised to Secure Apple Chip Orders as 14A Node Hits Milestones [Analyst]](/images/news/99726/99726/99726-160.jpg "Intel Poised to Secure Apple Chip Orders as 14A Node Hits Milestones [Analyst]")
![Apple's 13-Inch M5 iPad Pro (Silver) Hits New All-Time Low at $1,149.99 [Deal]](/images/news/99729/99729/99729-160.jpg "Apple's 13-Inch M5 iPad Pro (Silver) Hits New All-Time Low at $1,149.99 [Deal]")
![Apple's 13-Inch M5 iPad Pro (1TB) Hits New All-Time Low at $1,706 [Deal]](/images/news/99716/99716/99716-160.jpg "Apple's 13-Inch M5 iPad Pro (1TB) Hits New All-Time Low at $1,706 [Deal]")
![Apple Pro Display XDR Drops to $3,999 With Massive $1,000 Discount [Deal]](/images/news/99684/99684/99684-160.jpg "Apple Pro Display XDR Drops to $3,999 With Massive $1,000 Discount [Deal]")
![Beats iPhone 17 Pro Kickstand Case Drops to $20.99, 64% Off [Deal]](/images/news/99680/99680/99680-160.jpg "Beats iPhone 17 Pro Kickstand Case Drops to $20.99, 64% Off [Deal]")
