UPDATE: Apple has also released a patch for the version of this vulnerability on its OS X platforms, as part of the update to OS X 10.9.2. All users are strongly encouraged to download this update.
CORRECTION: An earlier version of this story said the updated version of iOS 6 would be 6.1.3. It is 6.1.6.
Apple's latest update to iOS, released Friday (Feb. 21), doesn't seem important at first. But the update actually fixes a serious security flaw, possibly caused by a single stray line of code, which leaves hundreds of millions of iPhones and iPads vulnerable to hackers.
Even worse, the flaw seems to affect recent versions of Mac OS X, for which a patch is not yet available.
If you have a device running iOS 6 or 7, and you're not connected to a stranger's Wi-Fi network, patch it now — we've got instructions below. If you're running Mac OS X on a laptop, don't use public Wi-Fi networks, even those at your favorite coffeeshop.
The flaw also affects second- and third-generation Apple TVs, which received a patch.
"I know what the Apple bug is," tweeted Matthew Green, a cryptography expert who teaches at Johns Hopkins University in Baltimore. "And it is bad. Really bad."
Stay off the Starbucks network
In the Apple security bulletin issued Friday night (Feb. 21), Apple said only, "An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS ... Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps."
Software vendors releasing emergency patches are often intentionally vague in order not to give would-be attackers any tips.
It's not clear how long the vulnerability has existed. Devices back to the iPhone 3GS, first released in June 2009, are affected, but the flaw could have been introduced in a later software update.
Apple provided no information about the exposure of Mac OS X devices to the flaw.
Google network-security engineer Adam Langley confirmed in a blog posting early Saturday (Feb. 22) that the flaw existed in OS X 10.9 (Mavericks), but added that Google Chrome and Mozilla Firefox browsers on OS X were not directly affected. (All browsers on iOS would be affected, since they're actually Safari underneath.)
To see whether the vulnerability exists on your system, try to open this URL Langley created: https://www.imperialviolet.org:1266/. If you can see a Web page, you're vulnerable.
Security firm CrowdStrike advised users of iOS devices and OS X laptops to not use untrusted Wi-Fi networks until patches had been installed.
"Do not use untrusted networks (especially Wi-Fi) while traveling, until you can update the devices from a trusted network," wrote CrowdStrike's Alex Radocea in a blog posting. "On unpatched mobile and laptop devices, set 'Ask to Join Networks' setting to OFF, which will prevent them from showing prompts to connect to untrusted networks."
Regarding the vulnerability of OS X devices, Radocea wrote only, "We expect Apple to release an update soon."
We'll get into the technical details of this software flaw, but first, here's how to update your iOS and Apple TV devices.
How to update an iOS device
To update your iOS device, first make sure you're on a trusted, password-protected home or office Wi-Fi network. Don't use the Wi-Fi in a public place, even if it requires a password.
If your wireless carrier's 3G/4G signal strength is good and you don't mind using up some cellular data, turn Wi-Fi off.
Connect the device to a power source if possible. Some software updates take time to download and install.
Tap the Settings icon on your device's home screen, then tap General, then Software Update.
If you're running iOS 7, you'll be prompted to install iOS 7.0.6; if iOS 6, it'll be iOS 6.1.6.
Tap Download and Install. If you're prompted again to confirm the installation, tap Install.
Your device will restart when the installation is complete.
This update is for iOS 6 and 7, applying to iPhone 3GS and later, iPad 2 and later and iPod Touch fourth-generation and later.
How to update Apple TV
To update Apple TV, select Settings, then General, then Software Update.
The device will check for an available update; if your device is eligible for this one, the update will be Apple TV 6.0.2.
Select Download and Install. The Apple TV light will flash during the process, and the Apple TV will restart once the installation is complete.
The update is for second-generation and later Apple TVs.
You don't see me, but I see you
From Apple's statement, it appeared that the flaw permitted a man-in-the-middle attack upon secure Internet communications by an attacker sitting on the same local network — coffeeshop or airport Wi-Fi, for example — as the victim.
Man-in-the-middle attacks occur when an attacker intercepts a communication between two parties, and then impersonates each party to the other.
Say Alice and Betty are communicating, but Clyde stages a man-in-the-middle attack. To Alice, he pretends to be Betty, and to Betty, he pretends to be Alice. Clyde now controls the messages Alice and B are exchanging, and can read, change or redirect them without Alice or Betty being aware of his presence.
Using such an attack, a stranger sitting in a hotel lobby or cafe could intercept other people's online banking activity, social-media postings, email messages and so on. He could even try to inject malware by creating fake software downloads.
You can goto your own way
Cryptography experts immediately tried to figure out what was wrong with Apple's implementation of Secure Sockets Layer (SSL), the protocol that underlies almost all Web-based secure connections.
A few figured it out quickly — and were scared at what they saw.
"I'm not going to talk details about the Apple bug except to say the following," tweeted Green. "It is seriously exploitable and not yet under control."
Google's Adam Langley initially tweeted Friday evening that he was also going to "keep quiet" about the bug.
But other software experts posted code snapshots overnight of what they believed what might be the flaw, and it made its way to online forums.
Noting that "the cat's out of the bag," Langley broke his silence in his Saturday blog posting, revealing that the devastating software flaw apparently derives from a single repeated line of code in Apple's open-source SSL implementation.
The code looks like this:
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
Notice the repeated "goto fail;". That shouldn't be there. Langley explained that that repeated line of code effectively disables verification of the digital signatures underlying SSL, with the result that all signatures pass the verification check and "everything falls apart."
"The first one is correctly bound to the if statement, but the second, despite the indentation, isn't conditional at all," Langley wrote. "The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail."
Our friends in Fort Meade
The security community on Twitter indulged in gallows humor about the Apple security flaw overnight.
"iOS/OSX SSL bug is like suddenly realizing that you've been walking around without pants for the past month," tweeted independent security researcher and journalist Ashkan Soltani. "All your privates are exposed."
Some joked that the National Security Agency, based in Fort Meade, Md., must have at some point in the past exploited the newly revealed flaw to snoop upon Apple users.
"I heard that in Maryland some parties 'with a privileged network position' are opening Champagne to celebrate this iOS bug," tweeted Chaouki Bekrar, head of a French firm that finds zero-day vulnerabilities — previously unknown software flaws — and sells them to government agencies.
"More likely they're holding a funeral for it," replied Melissa Elliott, a security researcher with Veracode in Burlington, Mass.
"I'm sure the Apple bug is unintentional," noted Green. "But man, if you were trying to sneak a vuln into SSL, this would be it."