{"id":9296,"date":"2014-02-25T18:06:05","date_gmt":"2014-02-26T02:06:05","guid":{"rendered":"http:\/\/www.perivision.net\/wordpress\/?p=9296"},"modified":"2014-02-25T18:06:05","modified_gmt":"2014-02-26T02:06:05","slug":"apple-security-hole-patched-we-hope","status":"publish","type":"post","link":"https:\/\/www.perivision.net\/wordpress\/2014\/02\/apple-security-hole-patched-we-hope\/","title":{"rendered":"Apple security hole patched. We hope"},"content":{"rendered":"
\"os<\/a>

Source: Apple Inc.<\/p><\/div>\n

This has been a rough few days for Apple.\u00a0 A ‘goto fail’ hole appeared in the OS that lets people defect a security server key which lets them do .. well not sure.\u00a0 From a quick read of the code, seems like if you can get a false handshake to work then depending on the package you could redirect emails, sms messages, perhaps redirect the auth process and make the user buy something from the store?\u00a0 Not sure, but here is the code.<\/p>\n

\n
static OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen) { OSStatus err; …<\/i> if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail; …<\/i> fail: SSLFreeBuffer(&signedHashes); SSLFreeBuffer(&hashCtx); return err; }<\/address>\n<\/blockquote>\n

However, Apple has said they released a fix, so if you are swinging an Apple device, you may want to path up quickly.<\/p>\n

Related Posts<\/H3>