Apple customers may find themselves busy this week applying patches issued by the company across a number of products.
In a series of updates, Apple released patches for iOS, OS X and the AirPort Base Station. With Security Update 2014-002, Apple fixes several issues for Mavericks (its latest OS X version), as well as vulnerabilities in Lion and Mountain Lion. Tucked in among the fixes is a critical vulnerability (CVE-2014-1295) that allows what Apple calls a “triple handshake attack.”
“In a ‘triple handshake’ attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker’s data in one connection, and renegotiate so that the connections may be forwarded to each other,” according to the advisory. “To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.”
This issue does not affect Mac OS X 10.7 systems and earlier. However, it is present on iPhone 4 and later, iPod touch (5th generation) and later and iPad 2 and later. According to Apple, an attacker with a privileged network position who exploited this issue could capture data or change the operations performed in the sessions protected by SSL.
Other important fixes include an issue affecting the CoreServicesUIAgent in OS X Mavericks 10.9.2. According to Apple, visiting a maliciously crafted website that exploits the issue may allow an attacker to execute malicious code.
“A format string issue existed in the handling of URLs,” the advisory explained. “This issue was addressed through additional validation of URLs. This issue does not affect systems prior to OS X Mavericks.”
Apple also issued fixes for several other vulnerabilities in iOS that affect WebKit, the IOKit kernel and the CFNetwork HTTPProtocol. The company also issued a fix for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac related to the Heartbleed vulnerability.
“An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets,” according to Apple. “An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.”