
Security expert captures all SSL traffic via Apple’s OS X ‘GotoFail’ flaw

“Less than a day’s work was all it took for one New Zealand security consultant to develop a proof of concept for the actively open OS X exploit revealed at the weekend, and known as ‘goto fail,’” Chris Duckett reports for ZDNet. “Aldo Cortesi, CEO and founder of security consultancy firm Nullcube, said in a blogpost today that he had modified his existing mitmproxy code to take advantage of the open hole in OS X Mavericks.”

“‘I’ve confirmed full transparent interception of HTTPS traffic on both iOS (prior to 7.0.6) and OS X Mavericks,’ Cortesi wrote. ‘Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured,’” Duckett reports. “Cortesi said that iCloud data, including KeyChain enrollment and updates, data from the Calendar application, and traffic from apps that use certificate pinning, such as Twitter, could also be captured. ‘It’s difficult to over-state the seriousness of this issue,’ he wrote. ‘With a tool like mitmproxy in the right position, an attacker can intercept, view and modify nearly all sensitive traffic.’”

Duckett reports, “Speaking to ZDNet, Cortesi said… ‘I think there’s quite a good chance that I wasn’t the first, so it’s safest to assume that this is being actively exploited in the wild. Of course, it’s also likely that intelligence agencies have been onto this issue for some time.’”

Read more in the full article here.
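As an added illustration (not code from the article, from Apple, or from Cortesi’s mitmproxy), here is the control-flow shape of the ‘single bad goto’ in SecureTransport’s server key-exchange verification, with the corrected shape beside it. The hash and signature helpers are constructed stand-ins so the effect can be seen offline; they are not SecureTransport’s real API.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins (hypothetical, not Apple's API): a hash step that
 * always succeeds, and a signature check that passes only for one
 * constructed "valid" signature value. 0 means success, as in the real code. */
static const uint8_t GOOD_SIG[4] = { 0xDE, 0xAD, 0xBE, 0xEF };

static int hash_update(const uint8_t *data, size_t len)
{
    (void)data; (void)len;
    return 0;
}

static int verify_signature(const uint8_t *sig, size_t len)
{
    return (len == sizeof GOOD_SIG && memcmp(sig, GOOD_SIG, len) == 0) ? 0 : -1;
}

/* Vulnerable shape: the second "goto fail;" is governed by no "if", so the
 * signature check after it is dead code and err still holds the 0 returned
 * by hash_update. The function reports success for ANY signature. */
int verify_vulnerable(const uint8_t *sig, size_t len)
{
    int err;
    if ((err = hash_update(sig, len)) != 0)
        goto fail;
        goto fail;                      /* the duplicated, unconditional line */
    if ((err = verify_signature(sig, len)) != 0)
        goto fail;
fail:
    return err;
}

/* Fixed shape: exactly one goto per condition, so the signature is checked. */
int verify_fixed(const uint8_t *sig, size_t len)
{
    int err;
    if ((err = hash_update(sig, len)) != 0)
        goto fail;
    if ((err = verify_signature(sig, len)) != 0)
        goto fail;
fail:
    return err;
}

/* Returns 1 if the given verifier accepts a forged (constructed) signature. */
int accepts_forged(int (*verify)(const uint8_t *, size_t))
{
    static const uint8_t forged[4] = { 0x00, 0x00, 0x00, 0x00 };
    return verify(forged, sizeof forged) == 0;
}
```

Compiling with clang’s -Wunreachable-code reports the dead signature check in the vulnerable shape, which is the kind of build-time check that would have surfaced this defect.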

MacDailyNews Take: Tick, tock, tick, tock…

Related articles:
Apple’s deafening silence on ‘GotoFail’ security flaw – February 24, 2014
8 ways to stay safe online while Apple works to fix ‘Gotofail’ flaw – February 24, 2014
Reasons for delay in SSL fix to OS X unclear as a single line of code found responsible – February 24, 2014
Single line of code, but still no fix; former Apple security engineer Paget to Apple: ‘FIX. YOUR. SHIT.’ – February 24, 2014
Apple promises to fix OS X encryption flaw ‘very soon’ – February 23, 2014
Behind iPhone’s critical ‘GotoFail’ security bug, a single bad, really bad ‘goto’ – February 22, 2014
Protect a Mac from the SSL / TLS security bug (until fix arrives) – February 22, 2014
