
CVE-2014-1266 PoC — Apple iOS 'SSLVerifySignedServerKeyExchange' function input validation vulnerability

Source
Associated Vulnerability
Title: Apple iOS 'SSLVerifySignedServerKeyExchange' function input validation vulnerability (CVE-2014-1266)
Description: The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.
Description
Patch iOS SSL vulnerability (CVE-2014-1266)
Readme
# SSL Patch (CVE-2014-1266)
Copyright (c) 2014 Linus Yang

Introduction
------
__CVE-2014-1266__, also known as the "`goto fail`" SSL verification bug, is a very serious SSL/TLS vulnerability in iOS and OS X. Apple issued iOS 6.1.6 and 7.0.6 to fix this problem, but that leaves out users who can't or just don't want to upgrade their systems to iOS 7 (e.g. users with older devices, or iOS 7 haters :P).
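
The control-flow defect behind the "goto fail" name, reduced to a constructed C model (an added example, not code from SSLPatch or from Apple's sslKeyExchange.c): a duplicated, unguarded `goto fail;` jumps to the cleanup label while `err` is still 0, so the signature verification below it is never executed and a ServerKeyExchange message with a bad (or missing) signature is accepted. The `KeyExchangeMsg` struct, the `hash_update`/`hash_final`/`verify_signature` stubs and the error codes are stand-ins assumed for this demo.

```c
#define ERR_BAD_SIGNATURE (-2)   /* constructed code, not a real Secure Transport value */

/* Constructed stand-in for a parsed ServerKeyExchange message. */
typedef struct { int hash_ok; int sig_valid; } KeyExchangeMsg;

/* Stubs for the hashing and signature-verification calls the real code makes. */
static int hash_update(const KeyExchangeMsg *m) { return m->hash_ok ? 0 : -1; }
static int hash_final(const KeyExchangeMsg *m) { return m->hash_ok ? 0 : -1; }
static int verify_signature(const KeyExchangeMsg *m) { return m->sig_valid ? 0 : ERR_BAD_SIGNATURE; }

/* Vulnerable control flow: the second `goto fail;` is not under the `if`, so it
 * runs for every message; err is still 0 at `fail`, and verify_signature()
 * becomes dead code, so any signature (or none) is accepted. */
int verify_server_key_exchange_vulnerable(const KeyExchangeMsg *m)
{
    int err = 0;
    if ((err = hash_update(m)) != 0)
        goto fail;
        goto fail;                      /* the bug: always taken */
    if ((err = hash_final(m)) != 0)
        goto fail;
    if ((err = verify_signature(m)) != 0)
        goto fail;
fail:
    return err;
}

/* Fixed control flow: one guarded `goto fail;` per check, so a message with a
 * bad signature reaches verify_signature() and is rejected. */
int verify_server_key_exchange_fixed(const KeyExchangeMsg *m)
{
    int err = 0;
    if ((err = hash_update(m)) != 0)
        goto fail;
    if ((err = hash_final(m)) != 0)
        goto fail;
    if ((err = verify_signature(m)) != 0)
        goto fail;
fail:
    return err;
}

/* Run one constructed message (hashing succeeds, signature validity as given)
 * through either version; returns its error code, 0 meaning "accepted". */
int run_check(int use_fixed, int sig_valid)
{
    KeyExchangeMsg m = { 1, sig_valid };
    return use_fixed ? verify_server_key_exchange_fixed(&m) : verify_server_key_exchange_vulnerable(&m);
}
```

This is the same defect gotofail.com and the port-1266 test page in this README exercise from the outside: a client with the vulnerable flow connects, a patched one refuses.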

Finally, here is an elegant solution, especially for iOS jailbreak users: a Cydia Substrate tweak that fixes this SSL vulnerability. The tweak is a _runtime patch_ that __won't modify any system files__, so it is __safe__ to use.

To install this fix, you can

  * Add the repo [http://yangapp.googlecode.com/svn](http://yangapp.googlecode.com/svn) to Cydia, then search for and install "SSL Patch",
  * Or manually download the package from the [Release Tab](https://github.com/linusyang/SSLPatch/releases) and install it with iFile or dpkg.

After installation, you can use Safari to verify that the fix works by visiting the following sites:

  * "Goto Fail": [gotofail.com](https://gotofail.com)
  * "Adam Langley's Weblog": [imperialviolet.org](https://www.imperialviolet.org:1266) (_If Safari can't open this page, it means the fix works._)

If you run into any issue after installing this tweak, just uninstall it in Cydia.

Reference
------
[Adam Langley's Writeup](https://www.imperialviolet.org/2014/02/22/applebug.html)

[Apple OpenSource Library](http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c)

Build
------
```bash
git clone --recursive https://github.com/linusyang/SSLPatch.git
cd SSLPatch
make
make package # If you have dpkg-deb utilities
```

License
------
Licensed under [GPLv3](http://www.gnu.org/copyleft/gpl.html).
File Snapshot

```
[4.0K] /data/pocs/88ab681d8342940006080dd2c89fe3a635b5eef4
├── [ 421] control
├── [ 47K] internal.c
├── [ 30K] internal.h
├── [ 394] Makefile
├── [1.7K] README.md
├── [  54] SSLPatch_CVE-2014-1266.plist
├── [4.0K] theos
└── [1.6K] Tweak.xm

1 directory, 7 files
```