In a terse note this morning accompanying a system software update, the company acknowledged that "an attacker" could "capture or modify data" transferred with Safari, Mail, iCloud and other Apple-created applications even though the communication streams were supposed to be securely encrypted.
The security vulnerability quickly became known as the "gotofail" bug after a review of Apple's publicly posted code showed that an errant duplicate statement created the glitch. Apple had previously released a fix for iOS devices on Friday.
By not releasing the iOS and OS X fixes simultaneously, Apple left laptop and desktop users vulnerable during that time -- and security experts aghast at the company's delays. Ryan Lackey, a longtime Apple user who founded CryptoSeal, said on Twitter yesterday: "Whoever at Apple decided to wait 4+ days for 10.9.2 to patch the OSX vulnerability needs to no longer be in that position."
The security vulnerability arose out of Apple's custom implementation of a security standard known as SSL/TLS. Because the "goto fail" line appears twice in a row, the normal error check for some types of encryption signatures is never performed.
It did not, however, affect software that does not rely on Apple's custom implementation of SSL/TLS. Google's Chrome and Mozilla's Firefox browser, for instance, do not have this vulnerability.
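The following is an added illustration, not Apple's SecureTransport code, of why a duplicated `goto fail` skips a check: each step in the simplified verification routine sets `err` and jumps to a cleanup label on failure, so an unconditional second jump reaches the label while `err` still reads success. The `hash_update` and `verify_signature` helpers are constructed stand-ins for the real hashing and signature steps.

```c
/* Added example: a simplified stand-in for a SecureTransport-style
 * key-exchange signature check. hash_update() and verify_signature()
 * are constructed placeholders, not Apple's functions. */
#include <stdio.h>
#include <string.h>

#define ERR_NONE    0
#define ERR_BAD_SIG 1

/* Placeholder hashing step that always succeeds. */
static int hash_update(const char *data) { (void)data; return ERR_NONE; }

/* Placeholder signature check: only the constructed value "valid" passes. */
static int verify_signature(const char *sig) {
    return strcmp(sig, "valid") == 0 ? ERR_NONE : ERR_BAD_SIG;
}

/* Vulnerable form: the second, unconditional "goto fail" jumps to the
 * cleanup label while err is still ERR_NONE, so verify_signature()
 * never runs and any signature is accepted. */
int verify_key_exchange_buggy(const char *data, const char *sig) {
    int err;
    if ((err = hash_update(data)) != 0)
        goto fail;
        goto fail;   /* duplicated line: indented, but always taken */
    if ((err = verify_signature(sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Hardened form: braces make the control flow explicit, so a stray
 * duplicated line cannot silently bypass the signature check. */
int verify_key_exchange_fixed(const char *data, const char *sig) {
    int err;
    if ((err = hash_update(data)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(sig)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    printf("buggy, forged sig: %d\n", verify_key_exchange_buggy("hello", "forged"));
    printf("fixed, forged sig: %d\n", verify_key_exchange_fixed("hello", "forged"));
    return 0;
}
```

Compiling the buggy function with clang's `-Wunreachable-code` reports the skipped `if` as code that will never execute, which is the kind of warning a build that treats warnings as errors would have caught.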
This is not merely a hypothetical security hole. Aldo Cortesi, a New Zealand security consultant, posted a version of the mitmproxy utility that gives access to encrypted traffic when, he said, the computer is using "Apple's broken implementation" of SSL/TLS. Cortesi added: "It's difficult to over-state the seriousness of this issue. With a tool like mitmproxy in the right position, an attacker can intercept, view and modify nearly all sensitive traffic."
Adam Langley, a Google software engineer who has worked on Chrome's network stack, wrote in a blog post: "Since this is in SecureTransport, it affects iOS from some point prior to 7.0.6 (I confirmed on 7.0.4) and also OS X prior to 10.9.2 (confirmed on 10.9.1)."