April 19, 2024
I0n1c Releases 'Quick and Dirty' Patch to Fix Serious SSL Vulnerability in OS X Mavericks


Posted February 22, 2014 at 8:29pm by iClarified
Stefan Esser, also known as i0n1c, has made a 'quick and dirty' patch available to fix the serious SSL vulnerability that Apple just patched in iOS but has yet to fix in OS X Mavericks.

The flaw is very serious because it totally compromises the security of SSL and allows for man-in-the-middle attacks on otherwise secure SSL connections without any warning on the client side. Unfortunately, it has been discovered that this vulnerability is also present in OS X Mavericks. When you look at the following code snippet that is taken from Security.framework's sslKeyExchange.c, you can spot a superfluous "goto fail;" statement. This statement is executed in all cases and completely bypasses the call to sslRawVerify. This means there is actually no verification performed on the signed server key exchange.
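The control-flow mistake described above, shown as an added example that is not Apple's code or part of the original article, next to a hardened form. The function names `hash_step`, `raw_verify`, `verify_flawed` and `verify_fixed` and the sample inputs are assumptions made for illustration; `raw_verify` stands in for sslRawVerify.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not Apple's code: hash_step() models a hashing
   call that succeeds; raw_verify() models the signature check that the
   page calls sslRawVerify. verify_calls counts how often it really runs. */
static int verify_calls = 0;

static int hash_step(const char *data) { return data != NULL ? 0 : -1; }

static int raw_verify(const char *sig, const char *expected) {
    verify_calls++;
    return strcmp(sig, expected) == 0 ? 0 : -1;
}

/* Flawed shape: only the first goto belongs to the if. The second one runs
   unconditionally with err == 0, so raw_verify() is skipped and the caller
   sees success. */
int verify_flawed(const char *params, const char *sig, const char *expected) {
    int err;
    if ((err = hash_step(params)) != 0)
        goto fail;
        goto fail;                   /* superfluous: always executed */
    err = raw_verify(sig, expected); /* never reached */
fail:
    return err;
}

/* Hardened shape: braces on every branch, and the result starts as failure
   so success can only come from the verification call itself. */
int verify_fixed(const char *params, const char *sig, const char *expected) {
    int err = -1;
    if (hash_step(params) != 0) {
        return err;
    }
    err = raw_verify(sig, expected);
    return err;
}

int main(void) {
    /* Constructed inputs: "forged" does not match the expected signature. */
    printf("flawed, forged sig: %d (verify calls: %d)\n",
           verify_flawed("params", "forged", "good"), verify_calls);
    printf("fixed,  forged sig: %d\n", verify_fixed("params", "forged", "good"));
    printf("fixed,  valid sig:  %d\n", verify_fixed("params", "good", "good"));
    return 0;
}
```

Compiling the flawed function with GCC's `-Wmisleading-indentation` or Clang's `-Wunreachable-code` reports this pattern at build time.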

I0n1c has released a patch for the 64-bit version of the Security.framework. However, users are warned that it is experimental and shouldn't be installed on production machines.


To see if your machine is vulnerable, visit http://www.gotofail.com with a Safari browser.

A more detailed explanation of the vulnerability can be found at ImperialViolet.

Comments (4)
ElMachoDingDong - February 24, 2014 at 8:32pm
How do I apply the patch on my computer?
CliveB - February 22, 2014 at 9:41pm
While Safari is vulnerable, Firefox is not per the test site.
gamerscul9870 - February 22, 2014 at 10:41pm
Talk about Chrome or IE to fix its leaks.
Mashman - February 24, 2014 at 8:55am
"simply switching browsers will not fully protect you." Taken from gotofail.com Other applications on your system such as mail, chat, financial, social networking and backup apps are also at risk.