Scary SSL certificate bug in Mac OS X is now fixed

By
Marko Karppinen
on November 15, 2007

Back in May, we discovered and reported to Apple a serious vulnerability in Mac OS X. The issue was silently fixed in Leopard, but yesterday Apple made fixes available for 10.3 and 10.4 as well. Here’s how Apple describes the issue:

An issue exists in the validation of certificates. A man-in-the-middle attacker may be able to direct the user to a legitimate site with a valid SSL certificate, then re-direct the user to a spoofed web site that incorrectly appears to be trusted. This could allow user credentials or other information to be collected. This update addresses the issue through improved validation of certificates. Credit to Marko Karppinen, Petteri Kamppuri, and Nikita Zhuk of MK&C for reporting this issue.

This generic language often used in vulnerability descriptions doesn’t really drive home the impact of the issue. To start, I’d change “may be able” to “is able” and “could allow” to “allows”. This vulnerability is exploitable every time. Here’s a real world example:

  • You connect your MacBook to a Wi-Fi access point, such as a T-Mobile HotSpot. But the access point isn’t really what it seems — someone’s just announcing a rogue network with the “tmobile” SSID. This could happen anywhere.
  • When you start surfing, the access point redirects you to the login page as normal. Before the SSL-encrypted login page is downloaded, however, a non-encrypted redirection page appears for a fraction of a second. Again, this is normal. But this time, the page includes a 1x1 pixel image from a server the attacker has a real SSL certificate for. Let’s call it www.validcertificate.example. Real SSL certificates that are trusted by Mac OS X are available from a number of vendors without any verification of the site’s identity.
  • Loading that single image from www.validcertificate.example has now “seeded” that certificate as being trusted by the system. From this point on, the affected Mac OS X systems will trust this certificate no matter which domain name it is being served from.
  • Since the owner of the rogue hotspot controls your DNS as well, he can now direct all your traffic through his own servers. The T-Mobile login page, PayPal.com, your web email — all will appear in their correct addresses, with SSL enabled, and with the SSL lock icon on the corner of your Safari window. Everything seems to be just fine, but behind the scenes, all of those sites are using the www.validcertificate.example certificate and the owner of the hotspot is recording all of your seemingly-encrypted traffic.

Scary? Yeah. If you’re still on Tiger or Panther, install the software update immediately. If you can’t, at least click the SSL icon on all sites you navigate to — the certificate details will not be right if you are being spoofed. For more info, keep checking the DHS’s National Vulnerability Database for their take on the issue (not online yet).

Categories:

Leave a comment

Search

About this Entry

MK&C is an eight-person software development studio in Helsinki, Finland. We specialize in designing and developing human-friendly software for the Mac, iPhone and iPod touch platforms.

» www.karppinen.fi
» www.knoxformac.com
» flightagenda.com
» basetenframework.org

This page contains a single entry by Marko Karppinen published on November 15, 2007 12:55 PM.

Knox 1.5.3 for Leopard is coming, but… was the previous entry in this blog.

Quay is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.