You Have to See the Two Little Words That Cost Apple Millions

Decoding the tech world.
Feb. 25 2014 4:24 PM

An Extraordinary Kind of Stupid

The weirdest thing about the Apple security bug is how simple it was.

Some iPads are among the devices affected by Apple's security bug.
Some iPads are among the devices affected by Apple's security bug.

Photo by Jessica Rinaldi/Reuters

So for the past 18 months, there has been a horrific security hole in many of Apple’s products that has allowed “man in the middle” attacks on supposedly secure Internet communications. Most iPhone, iPad, and iPod Touch devices were affected, as well as tremendous numbers of Macs running current and recent versions of OS X (any version of the 10.9 Mavericks release). (You can go to to see if your device is affected.) This vulnerability is exceptionally bad and ubiquitous, but it’s still the same sort of bug that gets patched constantly in various pieces of software and for which hacker groups are constantly on the lookout.

David Auerbach David Auerbach

David Auerbach is a writer and software engineer based in New York. His website is

Aside from its severity, though, this bug has another extraordinary quality: It’s extremely simple. (Simple enough that the bug is already on a T-shirt.) Stupid, even. Ninety-nine percent of the time, these sorts of stupid mistakes aren’t that damaging. But that 1 percent of the time, the gods won’t save you.

Because the code in question was open source, some folks on YCombinator quickly located it; they pegged it as popping up first in the 10.9 release of OS X code. Google Web security guru Adam Langley posted a good technical analysis of the bug. But noncoders should know something about it too, because this bug is an object lesson in just how fragile the code that increasingly controls our lives can be. The simplicity with which a single mistaken line of code snowballed into one of the biggest security holes ever strikes fear into the hearts of engineers. It’s good to peek under the hood.


Below is the C code containing the bug, which occurs deep down in a security function called SSLVerifySignedServerKeyExchange. This function makes sure that the site your computer is talking to over an encrypted line (like or is really that site, rather than some “man in the middle” pretending to be that site. The bug causes the function to claim that the site is legit, even if it’s not.

        OSStatus err;

            if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0)
                goto fail;
            if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0)
                goto fail;
            if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
                goto fail;
            if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
                goto fail;
                goto fail;
            if ((err =, &hashOut)) != 0)
                goto fail;

            return err;

Even if you’ve never seen code before, you might pick up on a glaring structural anomaly here, which is that one “if” statement is followed by two “goto fail”s instead of one. If that jumped out at you, congratulations! You found the bug.

Let me simplify the code a bit to get at the essence of the bug:

        OSStatus status = EVERYTHING_IS_GREAT;

            if ((status = DoSomeSecurityStuff) is DANGER)
                goto fail;
            if ((status = KeepDoingSecurityStuff) is DANGER)
                goto fail;
                goto fail;
            if ((status = DoTheMostImportantSecurityStuff) is DANGER)
                goto fail;

            return status;

These lines perform some calculations that test the validity of the authenticating data that the server (real or fake) has sent back to you, the client. On each “if” line, a variable labeled “status” is set to either EVERYTHING_IS_GREAT or DANGER. If status is still EVERYTHING_IS_GREAT by the end of the code, the function tells the rest of the program that everything is indeed great and authentication took place. If something went wrong, then it returns DANGER to the rest of the program. Whenever any part of the check returns DANGER, the code doesn’t bother finishing the security check—it’s already failed, so why bother? It just jumps to the end of the code via the “goto fail” statement, which causes the computer to jump to the end of the code with the “fail:” label right above it.



The Democrats’ War at Home

How can the president’s party defend itself from the president’s foreign policy blunders?

Congress’ Public Shaming of the Secret Service Was Political Grandstanding at Its Best

Michigan’s Tradition of Football “Toughness” Needs to Go—Starting With Coach Hoke

Windows 8 Was So Bad That Microsoft Will Skip Straight to Windows 10

Homeland Is Good Again! For Now.


Cringing. Ducking. Mumbling.

How GOP candidates react whenever someone brings up reproductive rights or gay marriage.

Building a Better Workplace

You Deserve a Pre-cation

The smartest job perk you’ve never heard of.

The Ludicrous Claims Women Are Pitched at “Egg Freezing Parties”

Piper Kerman on Why She Dressed Like a Hitchcock Heroine for Her Prison Sentencing

Oct. 1 2014 11:48 AM An Up-Close Look at the U.S.–Mexico Border
  News & Politics
The World
Oct. 1 2014 12:20 PM Don’t Expect Hong Kong’s Protests to Spread to the Mainland
Oct. 1 2014 1:11 PM This Company Wants to Fight World Hunger With Flies 
The Eye
Oct. 1 2014 1:04 PM An Architectural Crusade Against the Tyranny of Straight Lines
  Double X
The XX Factor
Oct. 1 2014 1:01 PM Can Activists Save Reyhaneh Jabbari?  
  Slate Plus
Behind the Scenes
Oct. 1 2014 10:54 AM “I Need a Pair of Pants That Won’t Bore Me to Death” Troy Patterson talks about looking sharp, flat-top fades, and being Slate’s Gentleman Scholar.
Oct. 1 2014 1:04 PM The Many Faces of Texas
Future Tense
Oct. 1 2014 11:48 AM Watch a Crowd Go Wild When Steve Jobs Moves a Laptop in This 1999 Demonstration of WiFi
  Health & Science
Bad Astronomy
Oct. 1 2014 12:01 PM Rocky Snow
Sports Nut
Sept. 30 2014 5:54 PM Goodbye, Tough Guy It’s time for Michigan to fire its toughness-obsessed coach, Brady Hoke.