Apple finally fixes 'gotofail' OS X security hole

After a multiday delay that irked users, Apple has released a system software update for OS X Mavericks that fixes what's become known as the "gotofail" security vulnerability.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
An excerpt from Apple's published source code. Note the repeated "goto fail" lines.

Apple has finally fixed a serious OS X security vulnerability that had left millions of users exposed to potential eavesdropping or account hijacking.

In a terse note this morning accompanying a system software update, the company acknowledged that "an attacker" could "capture or modify data" transferred with Safari, Mail, iCloud and other Apple-created applications even though the communication streams were supposed to be securely encrypted.

The security vulnerability quickly became known as the "gotofail" bug after a review of Apple's publicly posted code showed an errant duplicate statement created the glitch. Apple previously released a fix for iOS devices Friday.

By not releasing the iOS and OS X fixes simultaneously, Apple left laptop and desktop users vulnerable during that time -- and security experts aghast at the company's delays. Ryan Lackey, a longtime Apple user who founded CryptoSeal, said on Twitter yesterday that: "Whoever at Apple decided to wait 4+ days for 10.9.2 to patch the OSX vulnerability needs to no longer be in that position."

The security vulnerability arose out of Apple's custom implementation of the security standard known as SSL/TLS. Because the "goto fail" line appears twice in a row, the second, unconditional copy jumps past the normal error check for some types of encryption signatures, so that check never runs.
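To show the control-flow defect concretely, here is an added, constructed C model (not Apple's SecureTransport code): the hypothetical stand-ins hash_update and verify_signature return 0 on success, and the vulnerable shape with the duplicated goto is placed beside the single-goto form, so a reader can see that the vulnerable version reports success without ever reaching the signature check.

```c
#include <string.h>

/* Constructed stand-in for the verification steps: 0 = success, non-zero = error. */
typedef struct { int hashed; } hash_ctx;

static int hash_update(hash_ctx *ctx, const char *data) {
    (void)data;            /* the data itself is irrelevant to the control flow */
    ctx->hashed = 1;
    return 0;
}

/* Constructed signature check: only the signature "good" verifies. */
static int verify_signature(const hash_ctx *ctx, const char *sig) {
    if (!ctx->hashed) return -1;
    return strcmp(sig, "good") == 0 ? 0 : -1;
}

/* Vulnerable shape: the second `goto fail;` is not under the `if`, so it
   always executes while err is still 0 from the successful hash step. */
int verify_vulnerable(const char *sig) {
    hash_ctx ctx = {0};
    int err;
    if ((err = hash_update(&ctx, "params")) != 0)
        goto fail;
        goto fail;                                      /* duplicated line */
    if ((err = verify_signature(&ctx, sig)) != 0)       /* never reached */
        goto fail;
fail:
    return err;   /* returns 0 (success) for any signature */
}

/* Fixed shape: one goto per check, so the signature is actually verified. */
int verify_fixed(const char *sig) {
    hash_ctx ctx = {0};
    int err;
    if ((err = hash_update(&ctx, "params")) != 0)
        goto fail;
    if ((err = verify_signature(&ctx, sig)) != 0)
        goto fail;
fail:
    return err;
}
```

Compiling with unreachable-code warnings enabled (for example, clang's -Wunreachable-code) flags the dead `if` in verify_vulnerable, which is the kind of check that would have caught this defect.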

It did not, however, affect software that does not rely on Apple's custom implementation of SSL/TLS. Google's Chrome and Mozilla's Firefox browser, for instance, do not have this vulnerability.

This is not merely a hypothetical security hole. Aldo Cortesi, a New Zealand security consultant, posted a version of the mitmproxy utility that gives access to encrypted traffic when, he said, the computer is using "Apple's broken implementation" of SSL/TLS. Cortesi added: "It's difficult to over-state the seriousness of this issue. With a tool like mitmproxy in the right position, an attacker can intercept, view and modify nearly all sensitive traffic."

Adam Langley, a Google software engineer who has worked on Chrome's network stack, wrote in a blog post that: "Since this is in SecureTransport, it affects iOS from some point prior to 7.0.6 (I confirmed on 7.0.4) and also OS X prior to 10.9.2 (confirmed on 10.9.1)."