CVE-2014-1266 PoC — Apple iOS 'SSLVerifySignedServerKeyExchange' function input validation vulnerability

Associated Vulnerability
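Title: Apple iOS 'SSLVerifySignedServerKeyExchange' function input validation vulnerability (CVE-2014-1266)
Description: Apple iOS, Apple TV and Apple OS X are all products of Apple Inc. (USA). Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition television set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. A security vulnerability exists in the 'SSLVerifySignedServerKeyExchange' function in the libsecurity_ssl/lib/sslKeyExchange.c file of the Secure Transport feature in the Data Security component of Apple iOS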
Description
Patch iOS SSL vulnerability (CVE-2014-1266)
Readme
# SSL Patch (CVE-2014-1266)
Copyright (c) 2014 Linus Yang

Introduction
------
__CVE-2014-1266__, also known as the "`goto fail` SSL verification exploit", is a very serious SSL/TLS vulnerability in iOS and OS X. Apple issued iOS 6.1.6 and 7.0.6 to fix this problem, but ignored some users who can't or just don't want to upgrade their systems to iOS 7 (e.g. users with older devices, or iOS 7 haters :P).
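
The name comes from a duplicated `goto fail;` statement in `SSLVerifySignedServerKeyExchange` (see the references below) that returns success before the signature check runs. The C sketch that follows is an added example, not code from this project or from Apple's source; `hash_step`, `verify_signature`, the struct and the sample messages are constructed stand-ins that model only the control flow, shown beside a corrected form.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins that model the control flow; not Secure Transport APIs. */
typedef struct { const char *params; const char *signature; } ServerKeyExchange;

/* Constructed samples: one correctly signed message, one with a mismatched signature. */
static const ServerKeyExchange sample_good = { "dh-params", "signed:dh-params" };
static const ServerKeyExchange sample_bad  = { "dh-params", "signed:other-params" };

static int hash_step(const char *data) { return data ? 0 : -1; } /* 0 = success */

/* Toy check: a signature is valid only if it equals "signed:" + params. */
static int verify_signature(const ServerKeyExchange *m) {
    const char *prefix = "signed:";
    size_t n = strlen(prefix);
    if (strncmp(m->signature, prefix, n) != 0) return -1;
    return strcmp(m->signature + n, m->params) == 0 ? 0 : -1;
}

/* Flawed shape: the second goto is unconditional and runs while err == 0. */
int verify_flawed(const ServerKeyExchange *m) {
    int err;
    if ((err = hash_step("client_random")) != 0)
        goto fail;
    if ((err = hash_step(m->params)) != 0)
        goto fail;
        goto fail;                 /* duplicated line: always taken */
    err = verify_signature(m);     /* never reached */
fail:
    return err;                    /* 0 even for a bad signature */
}

/* Corrected shape: braces on every branch, so the signature check decides. */
int verify_fixed(const ServerKeyExchange *m) {
    int err;
    if ((err = hash_step("client_random")) != 0) { goto fail; }
    if ((err = hash_step(m->params)) != 0) { goto fail; }
    err = verify_signature(m);
fail:
    return err;
}

int main(void) {
    printf("flawed: good=%d bad=%d\n", verify_flawed(&sample_good), verify_flawed(&sample_bad));
    printf("fixed:  good=%d bad=%d\n", verify_fixed(&sample_good), verify_fixed(&sample_bad));
    return 0;
}
```

Compiling the flawed function with `-Wall` on a recent GCC reports misleading indentation at the duplicated line, which is the kind of build-time check that catches this shape of bug.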

Finally, here is an elegant solution, especially for iOS jailbreak users: a Cydia Substrate tweak that fixes this SSL vulnerability. This tweak is a _runtime patch_ that __won't modify any system files__, so it is very __safe__ to use.

To install this fix, you can
  
  * Add repo [http://yangapp.googlecode.com/svn](http://yangapp.googlecode.com/svn) to Cydia, then search and install "SSL Patch",
  * Or download it manually from the [Release Tab](https://github.com/linusyang/SSLPatch/releases) and install it with iFile or dpkg.

After installation, you can use Safari to verify that the fix works by visiting the following sites:

  * "Goto Fail": [gotofail.com](https://gotofail.com)
  * "Adam Langley's Weblog": [imperialviolet.org](https://www.imperialviolet.org:1266) (_If Safari can't open this page, it means the fix works._)

If you find any issue after installing this tweak, just uninstall it in Cydia.

Reference
------
[Adam Langley's Writeup](https://www.imperialviolet.org/2014/02/22/applebug.html)

[Apple OpenSource Library](http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c)

Build
------
```Bash
git clone --recursive https://github.com/linusyang/SSLPatch.git
cd SSLPatch
make
make package # If you have dpkg-deb utilities
```

License
------
Licensed under [GPLv3](http://www.gnu.org/copyleft/gpl.html).
File Snapshot

[4.0K] /data/pocs/d749c23ffe89c97999483f7f939e4c4643d008d5
├── [ 502] control
├── [ 47K] internal.c
├── [ 30K] internal.h
├── [ 486] Makefile
├── [ 16K] minimal.c
├── [ 22K] minimal.h
├── [1.7K] README.md
├── [ 54] SSLPatch_CVE-2014-1266.plist
├── [4.0K] theos
└── [2.3K] Tweak.x

1 directory, 9 files