Apple Patches OS X Mavericks for POODLE SSL Flaw
As millions of Apple Mac OS X fans were waiting on Oct. 16 for the opportunity to update to the new OS X 10.10 Yosemite release, a strange thing happened. An Apple app store notification popped up with a security update identified as Apple Security Update 2014-005, for OS X 10.9.5 Mavericks and OS X 10.8.5 Mountain Lion.
The main Apple security update listing page provided no link to the details of the update on Oct. 16. The details have now been posted, and the update is a fix for the SSL POODLE flaw that was first publicly disclosed by Google on Oct. 14.
POODLE, or Padding Oracle On Downgraded Legacy Encryption, is a vulnerability in the legacy Secure Sockets Layer (SSL) 3.0 cryptographic protocol that is used to secure data in motion across the Internet. The flaw could potentially enable an attacker to decipher encrypted communications.
There are multiple ways to deal with the POODLE SSL flaw. Since SSL 3.0 is a legacy protocol and has been superseded by the newer Transport Layer Security (TLS) 1.2 protocol, some vendors, including cloud provider CloudFlare and social networking service Twitter, have decided to simply drop support for SSL 3.0 altogether.
The challenge, however, is that not all Web browsers and servers do in fact support the newer TLS protocol, and that's why SSL 3.0 fallback mechanisms have been in place.
Apple's solution to the POODLE SSL flaw is not to block SSL 3.0 entirely. Instead, the company is taking a more precise approach by blocking the specific component of an SSL 3.0 implementation that could be vulnerable to a POODLE attack.
"There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode," Apple warns in its advisory.
CBC, or cipher block chaining, is a class of cryptographic cipher suite that can be used in SSL. CBC was found to be vulnerable prior to POODLE as well, notably in the SSL BEAST attack that was disclosed back in 2011. There was also a CBC-based attack against SSL disclosed in 2013, dubbed "Lucky 13," that exposed additional risks.
"An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts," Apple's POODLE advisory states. "This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.