Apple patches OS X to protect against POODLE

Gregg Keizer | Oct. 20, 2014
Apple yesterday issued a security update for OS X Mavericks and Mountain Lion meant to protect Macs against possible POODLE attacks.

OS X Yosemite, the upgrade Apple launched Thursday, also included the fix.

But testing Safari 7 on a patched Mac running Mavericks — and Safari 8 on Yosemite — resulted in a still-vulnerable report from poodletest.com, a website created by Johannes Ullrich, dean of research for the SANS Technology Institute and the head of SANS's Internet Storm Center security arm. Ullrich published the detector so users could find out whether their browsers are at risk.

POODLE, for "Padding Oracle On Downgraded Legacy Encryption," was disclosed earlier this week by a trio of Google security engineers who revealed how a design flaw in SSL (Secure Socket Layer) 3.0 could be exploited by criminals. Those hackers could use POODLE to steal browser session cookies, then use the cookies to impersonate victims at websites where they make online purchases, receive email or store files in cloud services.

In a research paper, the Google engineers outlined the POODLE attack technique, sending another wave of apprehension through the Web about the security of the Internet. The POODLE attack can force a secure connection to "fall back" to the long-known-to-be-untrustworthy SSL 3.0 by faking connection errors whenever the browser tries to negotiate a more secure encryption protocol, until the browser's retry logic settles on SSL 3.0.

Because both browsers and Web servers must be modified or updated to disable SSL 3.0 or bar systems from reverting to SSL 3.0, browser developers quickly announced that they were planning to patch their software.

Mozilla, for instance, said it would disable SSL 3.0 in Firefox 34, which is slated for release on Nov. 25. Google said Chrome would turn off SSL 3.0 in a future update, but added that it had already put in place a mechanism called SCSV, for TLS Fallback Signaling Cipher Suite Value, in the browser and on its servers. SCSV, which Mozilla will also support in Firefox 34, lets a browser mark a retried, downgraded connection attempt so that a server which also supports SCSV can refuse it, preventing attackers from inducing browsers to use SSL 3.0 as a fallback.

Apple's fix, designated Security Update 2014-005 and designed for last year's Mavericks and 2012's Mountain Lion, took a different tack.

Rather than deactivate SSL 3.0 or implement SCSV, Apple "disabl[ed] CBC cipher suites when TLS connection attempts fail." In other words, when a connection falls back after a failed TLS attempt, it blocks SSL 3.0 from using a type of cryptographic cipher mode, called "cipher block chaining," whose handling in SSL and its replacement TLS has repeatedly been shown to be weak and thus open to exploitation. With CBC suites excluded, a connection that does fall back to SSL 3.0 cannot use the padding that POODLE's oracle depends on.
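The following toy model, added here as an illustration and not code from Apple, Google or Mozilla, shows the three outcomes the article describes for a browser's version-fallback ladder: a plain client that an attacker can push down to SSL 3.0 with a CBC suite, a client that marks its downgraded retry with TLS_FALLBACK_SCSV so that a server honoring RFC 7507 refuses it with an inappropriate_fallback alert, and an Apple-style client that keeps connecting but strips CBC suites from any fallback attempt. The version labels, the three-suite catalogue and the `Server`/`connect` names are constructed for the example; the attacker is modelled simply as a network that swallows every handshake above SSL 3.0.

```python
"""Toy model of TLS version fallback under a POODLE-style downgrade, with the
two mitigations discussed in the article: TLS_FALLBACK_SCSV (RFC 7507) honored
by the server, and a client that refuses CBC suites on any fallback attempt.
Constructed example; not the browsers' or Apple's real handshake code."""
from dataclasses import dataclass

# Protocol versions from oldest to newest (constructed labels).
VERSIONS = ["SSLv3", "TLS1.0", "TLS1.1", "TLS1.2"]

# Cipher-suite value a client adds to a retried, downgraded ClientHello (RFC 7507).
TLS_FALLBACK_SCSV = 0x5600

# Constructed catalogue: suite name -> True if it is a CBC-mode suite.
CBC_SUITES = {"AES128-SHA": True, "DES-CBC3-SHA": True, "RC4-SHA": False}


@dataclass
class ClientHello:
    max_version: str             # highest version this hello offers
    cipher_suites: list          # preference-ordered suite names
    fallback_scsv: bool = False  # TLS_FALLBACK_SCSV present in the suite list?


class Server:
    """Server supporting every version up to max_version and all three suites."""

    def __init__(self, max_version, honors_scsv):
        self.max_version = max_version
        self.honors_scsv = honors_scsv

    def handle(self, hello):
        # RFC 7507: a hello carrying TLS_FALLBACK_SCSV whose version is below the
        # server's best is refused with a fatal inappropriate_fallback alert.
        if (self.honors_scsv and hello.fallback_scsv
                and VERSIONS.index(hello.max_version) < VERSIONS.index(self.max_version)):
            return ("alert", "inappropriate_fallback")
        version = VERSIONS[min(VERSIONS.index(hello.max_version),
                               VERSIONS.index(self.max_version))]
        cipher = hello.cipher_suites[0]  # server takes the client's first choice
        return ("ok", version, cipher)


def connect(server, *, client_max="TLS1.2", send_scsv=False,
            drop_cbc_on_fallback=False, attacker_blocks_tls=False):
    """Run the browser's retry ladder: try client_max, then each lower version.

    attacker_blocks_tls models the POODLE attacker faking a connection failure
    for every handshake above SSLv3, so the client keeps retrying one step lower.
    Returns the server's final answer, or ("fail", ...) if nothing was accepted.
    """
    candidates = list(reversed(VERSIONS[:VERSIONS.index(client_max) + 1]))
    for attempt, version in enumerate(candidates):
        is_fallback = attempt > 0
        suites = ["AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"]
        if is_fallback and drop_cbc_on_fallback:
            # Apple's approach: no CBC suite may be used on a fallback attempt.
            suites = [s for s in suites if not CBC_SUITES[s]]
        hello = ClientHello(version, suites, fallback_scsv=send_scsv and is_fallback)
        if attacker_blocks_tls and version != "SSLv3":
            continue  # faked failure: client hears nothing and tries the next version down
        return server.handle(hello)
    return ("fail", "no version accepted")


def poodle_exposed(result):
    """True when the negotiated connection is SSLv3 with a CBC suite."""
    return result[0] == "ok" and result[1] == "SSLv3" and CBC_SUITES[result[2]]


if __name__ == "__main__":
    srv = Server("TLS1.2", honors_scsv=True)
    print(connect(srv))                                                      # TLS1.2, no downgrade
    print(connect(srv, attacker_blocks_tls=True))                            # SSLv3 + CBC: exposed
    print(connect(srv, attacker_blocks_tls=True, send_scsv=True))            # inappropriate_fallback
    print(connect(srv, attacker_blocks_tls=True, drop_cbc_on_fallback=True)) # SSLv3 + RC4: not exposed
```

The model also shows the caveat behind the article's "both browsers and Web servers must be modified": against a server that does not honor SCSV (`Server("TLS1.2", honors_scsv=False)`), the SCSV-marked retry is accepted and the downgrade succeeds, whereas the client-side CBC exclusion needs no server cooperation. The remaining SSL 3.0 suite in that case is RC4, which the 2014 mitigations left available but which has since been deprecated for its own keystream weaknesses; the durable fix is the one Mozilla and Google announced, disabling SSL 3.0 entirely.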

"This is a reasonable decision as it does mitigate the POODLE and BEAST vulnerabilities," said Ullrich in an email. "Usually, CBC ciphers are part of SSLv3, but it is up to the browser and server which cipher to support."

 
