Behind iPhone’s critical ‘GotoFail’ security bug, a single bad, really bad ‘goto’

“Like everything else on the iPhone, the critical crypto flaw announced in iOS 7 yesterday turns out to be a study in simplicity and elegant design: a single spurious ‘goto’ in one part of Apple’s authentication code that accidentally bypasses the rest of it,” Kevin Poulsen reports for Wired.

“Apple released iOS 7.0.6 yesterday to patch the bug in its implementation of SSL encryption — the internet’s standard defense against eavesdropping and web hijacking,” Poulsen reports. “But the terse description in Apple’s announcement yesterday had some of the internet’s top crypto experts wondering aloud about the exact nature of the bug. Then, as they began learning the details privately, they retreated into what might be described as stunned silence. ‘Ok, I know what the Apple bug is,’ tweeted Matthew Green, a cryptography professor at Johns Hopkins. ‘And it is bad. Really bad.'”

“Some software bugs are infinitely subtle and complicated. Others are comprehensible almost at a glance to anyone who dabbled in BASIC as a kid. The iOS 7 bug is in the latter group,” Poulsen reports. “Notice the two “goto fail” lines, one after the other. The first one belongs there. The second is a typo. That extra, duplicative line diverts the program’s execution, like a bypass stent, right past a critical authentication check. The part where the digital signature is actually checked is dead code, never reached… You can test if you’re vulnerable at”

Read more in the full article here.
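The control flow described above, reduced to a self-contained C program. This is an added example, not Apple's code or code from the quoted article; `hash_update`, `hash_final`, `sig_check`, `good_sig` and the toy hash are constructed stand-ins. It shows the flawed routine returning success for a wrong signature, next to a braced form that rejects it.

```c
#include <stdio.h>

/* Constructed stand-ins for the hash and signature primitives (hypothetical names). */
static int hash_update(unsigned *h, const char *data) {
    for (; *data; data++) *h = *h * 31u + (unsigned char)*data;
    return 0;                                   /* 0 = success, as with OSStatus */
}
static int hash_final(const unsigned *h, unsigned *out) { *out = *h; return 0; }
static int sig_check(unsigned digest, unsigned sig) { return digest == sig ? 0 : -1; }

/* Same control flow as the flawed routine: the second goto is unconditional. */
static int verify_vulnerable(const char *rnd, const char *params, unsigned sig) {
    int err;
    unsigned h = 0, digest = 0;
    if ((err = hash_update(&h, rnd)) != 0)
        goto fail;
    if ((err = hash_update(&h, params)) != 0)
        goto fail;
        goto fail;                              /* always taken, with err == 0 */
    if ((err = hash_final(&h, &digest)) != 0)   /* dead code from here on */
        goto fail;
    err = sig_check(digest, sig);
fail:
    return err;
}

/* Hardened form: every branch is braced, so a stray line cannot escape its if. */
static int verify_fixed(const char *rnd, const char *params, unsigned sig) {
    int err;
    unsigned h = 0, digest = 0;
    if ((err = hash_update(&h, rnd)) != 0) { goto fail; }
    if ((err = hash_update(&h, params)) != 0) { goto fail; }
    if ((err = hash_final(&h, &digest)) != 0) { goto fail; }
    err = sig_check(digest, sig);
fail:
    return err;
}

static unsigned good_sig(const char *rnd, const char *params) {  /* toy signer */
    unsigned h = 0, d = 0;
    hash_update(&h, rnd); hash_update(&h, params); hash_final(&h, &d);
    return d;
}

int main(void) {
    unsigned forged = good_sig("server-random", "dh-params") + 1u;  /* wrong on purpose */
    printf("vulnerable=%d fixed=%d\n", verify_vulnerable("server-random", "dh-params", forged),
           verify_fixed("server-random", "dh-params", forged));
    return 0;
}
```

Clang's `-Wunreachable-code` reports the statements after the duplicated `goto` as code that will never be executed.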

“Researchers are warning that the flaw seems to affect Safari, rather than Chrome or Firefox, so switching browsers may offer a partial workaround for the vulnerability,” Andy Greenberg reports for Forbes. “I tested several browsers against a proof-of-concept demonstration of the bug recommended by several security researchers at and found that Safari was in fact vulnerable to the attack, while Chrome and Firefox appeared to be unaffected. But the test shouldn’t be seen as definitive, and the impact of the flaw goes beyond browsers. Security researcher Ashkan Soltani has found that it may affect Apple’s Mail application as well, according to Ars Technica.”

“I’ve contacted Apple for comment, and I’ll update this post as soon as I hear from them. The company tells Reuters that it plans to release a second patch for OSX ‘very soon,'” Greenberg reports. “Until Apple releases a patch of its own, users should update their iOS devices to the latest version, use Chrome and Firefox rather than Safari, and try to avoid untrusted networks.”

Read more in the full article here.

Related article:
Protect a Mac from the SSL / TLS security bug (until fix arrives) – February 22, 2014


  1. AGAIN:

    Apple released three iOS updates, NOT just one. The ignorance in these articles is astounding to me, with all of these unprofessional tech journalists merely copy and pasting each other’s incomplete and wrong information into their lazy ass articles.

    1) iOS 7.0.6 was released and patches the security hole.

    2) iOS 6.1.6 was released and patches the security hole.

    3) Apple TV OS 6.0.2 was released and patches the security hole.

    3 Three 3 Three iOS updates, not one.

    A couple further points:

    A) Why oh why was any of this code written in BASIC?! One of the first things I learned in Coding 101 classes was that BASIC is olde school crap coding. It always has whopping bugs. Anyone using it these days is either a kiddie or a lame coder on crutches. Shameful.

    B) Nothing I’m reading at a professional level indicates that Mac OS X is vulnerable to the SSL certificate verification flaw. Nothing. IOW: Much ado about nothing. Rumor FUD deluxe.

    Nonetheless, we know this next week the actual professionals will be scouring OS X for this flaw, and we’ll get actual definitive answers rather than bullshit like this:

    Researchers are warning that the flaw seems to affect Safari…

    “SEEMS”?! What kind of crap writing is that? Pure FUD talk. Get definitive or get out of technology kiddies. ‘Seems’ is on the level of coding with BASIC. 😛

      1. Mountain Lion does not appear to be affected. It’s not Safari that’s sick, it’s the security code that it, and other programs, use. My ML MacBook is OK, but my Mavericks iMac is not.

    1. I programmed databases in BASIC for 15 years. It’s a lovely computer language, particularly the ones authored by Bill Gates. “Old school crap coding” does not describe what we did. Indeed, the computers were much limited in power and we watched every byte of code and method of storage.

    2. I expect better of you Derek. Let’s turn it down a notch. OK? Nobody said the code was written in basic. He said someone with as little background in coding as just having dabbled with basic as a kid would be able to recognize the problem in Apple’s code. I love your passion. Try not to let it get in the way of your usually strong reason.

          1. One thing I will, as usual, point out is that I suck at coding and instead focused on project management in my studies.

            The fact that I suck at coding makes it all the more shocking to me how much WORSE the flamers here are at coding. What I spoke about here is FUNDAMENTAL CODING PRACTICE. I’m ashamed of all of you who are not aware of it and will gladly point you back to the folks who taught you to find out why they never taught it to you.

            You NEVER use ‘goto’ statements in modern code, unless you expect to be laughed at and ridiculed for being dangerously (yes I said dangerously!) old school.

            Now have fun flaming me some more, as it gives you so much joy to hate on others without any logic or knowledge to back you up! hahahahah, etc. I remain unmoved, uncaring of the delightful insults, as usual. But they are so amusing, especially on this topic.

            1. Yeah, but this and that and I and they and he said that she has a brother who heard and then the code and all the people and the teachers and my uncle (Bob) and then particulars and some more specifics and then I graciously misspelled mis-spelled but the auto-erect corrected it and then…..

              🙂 Read like a poem…..

    3. Surely if it was specifically a BASIC it would only be used in BASIC. It is not. It may have originated in BASIC, but its usage does not in turn mean that all code containing it is BASIC. It may have also largely been superseded in usage, but again that shouldn’t lead to other assumptions about the code. Just because it has things in common with BASIC, does not BASIC make. The writer of this referred to BASIC because it is a good example of how widely understood this bug should be by coders of all backgrounds, experience and age.

    4. Derek,
      Here’s the actual Apple code. It is clearly NOT basic:

      static OSStatus
      SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                       uint8_t *signature, UInt16 signatureLen)
      {
          OSStatus err;
          /* ... */

          if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
              goto fail;
          if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
              goto fail;
              goto fail;    /* duplicated line: runs unconditionally, with err still 0 */
          if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)    /* never reached */
              goto fail;
          /* ... */

      fail:
          /* ... */
          return err;
      }

            1. Goto has always been part of the C and thus C++ standards. It can be very useful in compiler and operating system programming, according to Donald Knauth and others. It is used in the GCC compiler and Linux, among other places. Use of goto has been controversial since at least 1957, 7 years before BASIC was derived from Fortran. It is banned in Pascal, Modula, Python, Java, and most other structured languages. Use in C++ is most commonly for error handling, like this case. I agree the extra statement was probably debugging code that somebody forgot to comment out.

            2. You may be the stupidest person I’ve ever come across. Dozens of languages have a ‘goto’ statement, including C, which is what this code is written in.

              Please stop talking when you clearly have zero understanding of what you are saying.

            3. Oh good. Thanks for telling me how stupid I am. I’d never have known. Be sure to tell all my professors they’re stupid as well. And don’t forget to tell yourself YOU’RE stupid as well. Oh never mind. Your bad attitude clearly points out that you already consider yourself stupid.

              Are we done with the flamewar yet? I am.

            4. No I didn’t state anything about being wrong. Thanks for being a dickhead! Thanks for not knowing how to code. I’ve seen ‘that one’ the first day of my class in C coding. The first day. I went to Rochester Institute of Technology? Where did you learn?

            5. I think everyone needs to calm down and relax. Both sides of this argument have merit, if each will calmly listen to the other. I think Derek is talking good coding technique and the others are talking coding specifics. Both sides are right, and both sides are wrong. That’s OK. Welcome to humanity. Time for some forgiveness. 🙂

    1. It “always worked” because it contained a series of bug fixes. You can tell from the version number that there were versions before it that didn’t “work” and never did.

        1. I’m not ignoring 7.0.6, but pointing out that 5.1.1 doesn’t have this particular bug is meaningless. iOS 5 had bugs, these were fixed through various subsequent updates – including 5.1.1. There will no doubt be bugs found in the future and these will in turn be fixed by subsequent updates. There are probably bugs in iOS 5 which will go unfixed as it is an old version, or undiscovered because it’s not worth exploiting. I’m not going to damn iOS because of 1 bug, a bug which isn’t even intrinsic to iOS but is just the result of an error during continued development. Unless you are implying that Apple should have stopped at 5.1.1 and never released any new software for the iPhone.

  2. It’s probably not a “typo” but code added during development to simplify the development process and meant to be removed for the final product.

    How likely is it to affect people? I don’t see any “men in the middle” sitting outside my house using my wi-fi which I consider “secure”.

    You’ve probably got a much more dangerous situation with someone calling you in the evening telling you that they are from a Microsoft support team and they noticed a virus on your computer and offering to fix it and all they need is remote access to your computer. (this happened to my SO’s best friend on Thursday and she is an IT person and she allowed them to remote into her computer)

  3. Why do these “vulnerabilities” always happen with Java code and JavaScript? I have disabled JavaScript on all my devices many months ago and this vulnerability doesn’t have any effect once disabled.
    Java sucks almost as much as flash did. How long before Apple decides to quit using Java as well?

    1. The typo is clearly the duplicate goto statement. The other 3 goto statements, however – they seem to be an intentional part of the code. WTF is that about? Why’s the code verifying encrypted connections on Apple’s flagship devices look like it would have earned an ‘F’ in 2nd year computer science?

      1. Again, there are a VERY limited number of situations where using a goto may produce code that is clearer and more maintainable than any of the alternatives. See Donald Knauth, who wrote the Bible of computer science. Appropriate use of goto is more likely in systems programming than for applications.

        This has been a point of contention among computer scientists for over 50 years now. C deliberately allows the construction. That, and the unrestricted use of pointers and type casts, is why structured-programming purists criticized C as just “high-level assembly language.” They prefer languages which enforce structured programming and strict typing. Those languages tend to be great for writing applications but harder for systems work. Use the appropriate tool for the job.

        1. Knuth, you mean.

          Programmers have a ‘Basic Instinct’ to go for the jugular over certain shibboleths. There is none so rabid as the man whose hard-won knowledge is revealed as contingent. I think Samuel Johnson said that, but he wasn’t much of a coder; he did write the first dictionary, however.

  4. If it’s fixed in iOS 6.1.6 then why is my iPhone 5 with 6.1.4 telling me to update to 7.0.6 ? Even for such an important fix Apple are continuing to be such huge Aholes by trying to force me on to iOS7 ? WTF ?!
    I’m betting that even if I get iOS 6.1.6 download and manually try to install it through iTunes the bastards won’t “permit” me. Things like this just make me so angry at them!! Goddamn control freak SOBs!

  5. Derek
    Why oh why was any of this code written in BASIC….

    The point is of course….
    Why was it programmed BADLY in BASIC !!!!!!!!!!!!
    If it was programmed CORRECTLY in BASIC maybe no one would have noticed. What about THAT huh?
    Leave my BASIC alone. Poor BASIC, it wasn’t YOUR fault, now was it?
