

Researcher: Array of Apple Apps Vulnerable to “Gotofail” Attack - fpgeek
http://recode.net/2014/02/23/researcher-array-of-apple-apps-vulnerable-to-gotofail-attack/

======
QSIITurbo
This and the fact that they didn't release the OS X patch at the same time as
the iOS patch constitutes a total FUBAR: The mistake they made was so basic
that one wonders why on earth some junior / non-sec developer was working on a
critical security component. Heads should be rolling.

If I understood correctly, they were also intermixing tabs and spaces (the web
view implied so), so they also have that problem. (Just require spaces and ban
tabs automatically so you know there's no way anyone can fuck things up).

------
jzwinck
Rule 59 from the Joint Strike Fighter C++ coding guide[1] calls out exactly
this bug (with example bad code similar to Apple's bug): all if/while/for
bodies must be enclosed in braces. Some other notable guides, like those from
Google and NASA, do not require this. I thought it was a good idea before, and
a very good idea now.

[1]: http://www.stroustrup.com/JSF-AV-rules.pdf

~~~
beagle3
It's a useless rule unless you have a tool that enforces it - because it is
easy to violate without noticing.

If you have a style checker that enforces it, then this rule is acceptably
useful. However, if you already have a checker as such, why not have it check
indentation (and multiple statements per conditional statement), and catch a
larger class of bugs?

Personally, I think Google/NASA is right, and JSF is wrong.
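
An added example, not part of the thread and not any commenter's code: a minimal line-based checker that reports both conditions discussed above, an unbraced `if`/`while`/`for` body and a following statement whose indentation makes it look guarded when it is not. The C sample is constructed to mirror the duplicated-`goto` pattern and is not Apple's source; the rule names are hypothetical, and the checker assumes control headers that fit on one line.

```python
import re

# Constructed C sample (not Apple's source): an unbraced `if` followed by a
# duplicated, identically indented `goto fail;` that always executes.
SAMPLE = """\
static int verify(int a, int b)
{
    int err = 0;
    if ((err = check(a)) != 0)
        goto fail;
        goto fail;
    if ((err = check(b)) != 0) {
        goto fail;
    }
fail:
    return err;
}
"""

CTRL = re.compile(r"^\s*(if|while|for)\b.*\)\s*$")  # header with no `{` on its line

def indent(line):
    """Width of leading whitespace, tabs expanded to 8 columns."""
    expanded = line.expandtabs(8)
    return len(expanded) - len(expanded.lstrip())

def check(source):
    """Return (line_number, rule) findings for single-line control headers."""
    lines = source.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if not CTRL.match(line):
            continue
        rest = [(n, l) for n, l in enumerate(lines[i + 1:], i + 2) if l.strip()]
        if not rest or rest[0][1].lstrip().startswith("{"):
            continue  # brace on the next line: body is enclosed
        findings.append((i + 1, "unbraced-body"))
        # The statement after the one-line body is outside the conditional;
        # if it is indented deeper than the header it only looks guarded.
        if len(rest) > 1 and indent(rest[1][1]) > indent(line):
            findings.append((rest[1][0], "misleading-indentation"))
    return findings

if __name__ == "__main__":
    for lineno, rule in check(SAMPLE):
        print(f"line {lineno}: {rule}")
```
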

------
RyJones
I'm sure everything that linked against it is vulnerable, and as soon as we
have an update, they'll all be OK.

I just wish the update were out now.

~~~
Xylakant
There's one major problem: software updater itself is vulnerable. So in theory
the only way to get a clean system is to download a fresh, fixed installer via
a channel that's not affected and reinstall. What a mess.

~~~
rimantas
This is a problem only if updates are not signed.

~~~
Xylakant
No, it's not. The updater needs to know the correct signatures and it doesn't
have a trusted way of retrieving them. Also, any previous update may have been
malicious and replaced the updater. The updater may very well have embedded
keys, but we don't know, so the secure option would be not to trust it.

~~~
QSIITurbo
That's not how signing works. Also, if the signing is indeed implemented
correctly, then the updater cannot have been compromised earlier.

------
glasz
Like they said after kicking Forstall out: teams will be working together much
closer.

