TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified in the Apple iOS. iOS is Apple's mobile operating system for the iPhone, iPod Touch, and iPad hardware platforms.

The vulnerability was discovered by Paul Kehrer, who is a member of the Trustwave SSL team. Paul discovered a method which allowed him to sign an SSL certificate which was viewed as valid by iOS. Using this technique, an attacker who is able to intercept traffic from a vulnerable iOS device can craft an SSL certificate, and subsequently capture and decrypt the traffic from applications which utilize this certificate. No notification is presented to the end user, which allows the attacker to perform this attack without detection.

Paul, along with Nicholas Percoco, head of SpiderLabs, will be giving a presentation at DEF CON 19 on SSL vulnerabilities, including this specific issue. Refer to this link for further details.

For further details, please view the full advisory at the following address:

https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt

Additionally, further information can also be viewed in the following links:

http://support.apple.com/kb/HT4824

http://support.apple.com/kb/HT4825

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.