Apple’s Most Notorious Code Bug


How a single line in the code compromised security on all Apple devices

‘Bug’: a term that fills most developers with dread at night, and the reason they incessantly zone out and stare into space when you’re talking to them. While that is both somewhat sad and true, the reality isn’t so bad. Bugs are identified all the time in software and are impossible to avoid, simply because we are humans and we make mistakes. Most bugs are eliminated through rigorous software testing, but some slip through the net. The ones that go viral are the silly but detrimental ones. One such bug was Apple’s infamous code bug, informally referred to as “goto fail” or officially as “CVE-2014-1266”.


Image by tookapic from Pixabay

The bug impaired Apple devices’ ability to verify the authenticity of the websites you visited. This meant that your iPhone could not tell the difference between your actual bank’s website and an imposter.

SSL — How computers verify and trust other computers on the internet

Before we understand what went wrong, we need to understand _SSL (Secure Sockets Layer)_: the mechanism which allows computers to trust and verify websites on the internet. Your browser does this for you every time, and this is how it looks:


Image by Author: Komal Venkatesh Ganesan

These days, all websites use HTTPS (i.e., HTTP with SSL) to connect securely. That forces the website you visit to present a certificate to prove its authenticity. Your computer then verifies this against a set of pre-loaded keys in the browser to see if it was digitally “signed” by a certification body. This ‘digital signature’ utilises the math of asymmetric cryptography. If that math works out and the certificate proves to be signed by one of the certificate authority (CA) keys in the browser, it gives you a green light and everything is hunky-dory. Nobody can sniff your data or hijack your web sessions.

But when there is an imposter at the other end, your browser stops you. Here’s an example I created in Python pretending to be the wikipedia.org server:


Image By Author: Komal Venkatesh Ganesan

The browser knows this because I don’t have a certificate signed by one of the authorities that the browser validates against. In fact, I signed the certificate myself saying, _‘I am wikipedia.org’_ (not the greatest of hacks), but SSL knows this and protects you from it. Notice the “self-signed root certificate”:
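A toy model of the trust decision described above, added here as an illustration and not the author's code or a real TLS implementation: certificates are plain dicts, signatures use textbook RSA built from small Mersenne primes (insecure, for demonstration only), and the CA name "Example Root CA" and all keys are constructed assumptions. It shows why a certificate signed by a pre-loaded CA key is accepted while a self-signed one, or one signed with the wrong key, is rejected.

```python
import hashlib

def make_key(p, q, e=65537):
    # Toy textbook RSA from two known primes: illustration only, not secure.
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    # Hash the signed fields (subject, issuer, public key) into an integer < n.
    tbs = f"{cert['subject']}|{cert['issuer']}|{cert['pub']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def make_cert(subject, subject_key, issuer, issuer_key):
    # The issuer signs the digest of the certificate with its private exponent.
    cert = {"subject": subject, "issuer": issuer,
            "pub": (subject_key["n"], subject_key["e"])}
    cert["sig"] = pow(digest(cert, issuer_key["n"]), issuer_key["d"], issuer_key["n"])
    return cert

def verify(cert, hostname, trust_store):
    """Decide whether to trust a presented certificate; returns (ok, reason)."""
    if cert["subject"] != hostname:
        return False, "hostname mismatch"
    ca_pub = trust_store.get(cert["issuer"])
    if ca_pub is None:  # issuer is not one of the pre-loaded CA keys
        is_self_signed = cert["issuer"] == cert["subject"]
        return False, ("self-signed certificate" if is_self_signed else "unknown issuer")
    n, e = ca_pub
    if pow(cert["sig"], e, n) != digest(cert, n):  # the signature math must work out
        return False, "bad signature"
    return True, "trusted"

# Constructed sample data: Mersenne primes stand in for real key material.
CA_KEY = make_key(2**61 - 1, 2**89 - 1)
SITE_KEY = make_key(2**31 - 1, 2**107 - 1)
FAKE_KEY = make_key(2**19 - 1, 2**127 - 1)
TRUST_STORE = {"Example Root CA": (CA_KEY["n"], CA_KEY["e"])}

genuine = make_cert("wikipedia.org", SITE_KEY, "Example Root CA", CA_KEY)
self_signed = make_cert("wikipedia.org", FAKE_KEY, "wikipedia.org", FAKE_KEY)
forged = make_cert("wikipedia.org", FAKE_KEY, "Example Root CA", FAKE_KEY)

if __name__ == "__main__":
    for name, cert in [("genuine", genuine), ("self-signed", self_signed), ("forged", forged)]:
        print(name, verify(cert, "wikipedia.org", TRUST_STORE))
```

The `bad signature` branch is the step that matters most: a verifier that reaches `return True` without running that comparison would accept the forged certificate as readily as the genuine one.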
