Apple disabling SSL3 support in Push Notification Service

Apple is about to disable SSL3 support in the Apple Push Notification Service on Wednesday, October 29.

Developers experiencing issues with the Provider Communication interface in the development environment should update their code immediately. After this date, push notifications sent over SSL3 will stop working.

The official Apple notification is below:

The Apple Push Notification service will be updated and changes to your servers may be required to remain compatible.

In order to protect our users against a recently discovered security issue with SSL version 3.0 the Apple Push Notification server will remove support for SSL 3.0 on Wednesday, October 29. Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected. Providers that support both TLS and SSL 3.0 will not be affected and require no changes.

To check for compatibility, we have already disabled SSL 3.0 on the Provider Communication interface in the development environment only. Developers can immediately test in this development environment to make sure push notifications can be sent to applications.

POODLE Vulnerability found in all latest Checkpoint portals

POODLE vulnerability found in the portals of all latest Checkpoint versions (Multi-Portal, GAIA WEBUI Portal, IPSO Portal, Secure Platform WEBUI, LoM card WEBUI)

Following the Shellshock bash vulnerability found exploitable in the Checkpoint WEBUI, the company is currently working on disabling SSL 3 in all portals, since they were found vulnerable to CVE-2014-3566 (POODLE).

Checkpoint sk102989 explains the step-by-step procedure for disabling SSL 3 in all portals, and how to enable IPS and HTTPS Inspection protections so that endpoint browsers are blocked from completing an SSL 3 negotiation when a remote web site tries to force one. The SK is being updated almost daily. There is not yet a solution for diskless IPSO systems that survives a reboot, and solutions for SmartPortal and the LOM card WEBUI are still pending.

Of course, the portals that have no solution yet should not normally be reachable from untrusted networks in the first place, since they are designed only to manage OS and hardware settings.

All Checkpoint customers should check their publicly reachable portals and follow the SK to fix them. In addition, it is highly recommended to disable the SSL 3 protocol in browsers and on network inspection gateways (UTM, antivirus, proxies).

There are free online tools that customers can easily use to verify SSL 3 protocol support, POODLE exposure and other configuration issues on their public portals.
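The same check can be done locally against your own portals. The script below is an added example, not code from the post or from Check Point: it sends a minimal SSL 3.0 ClientHello and classifies the first record the server sends back, so a `ssl3-accepted` result means the portal still negotiates SSL 3.0. The cipher suite list and the `probe` helper are my own constructed choices.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"                        # ProtocolVersion {3, 0}
# Constructed sample offer: RC4-SHA, 3DES-CBC-SHA, AES128-SHA, AES256-SHA. Only the version matters here.
CIPHERS = b"\x00\x05\x00\x0a\x00\x2f\x00\x35"


def build_ssl3_client_hello() -> bytes:
    """Return one SSLv3 handshake record carrying a ClientHello that offers only version 3.0."""
    body = (
        SSL3                                          # client_version
        + os.urandom(32)                              # random
        + b"\x00"                                     # session_id length = 0
        + struct.pack("!H", len(CIPHERS)) + CIPHERS   # cipher_suites
        + b"\x01\x00"                                 # compression_methods: null only
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # HandshakeType client_hello, 24-bit length
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake


def classify_response(data: bytes) -> str:
    """Classify the first record a server sent back in reply to the SSLv3 ClientHello."""
    if len(data) < 5:
        return "no-response"          # connection closed or reset: SSL 3.0 refused
    if data[0] == 0x15:
        return "refused-alert"        # Alert record, typically handshake_failure or protocol_version
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: the negotiated version sits in the handshake body at offset 9,
        # not in the record header, which some stacks set to 3.0 regardless.
        return "ssl3-accepted" if data[9:11] == SSL3 else "other-version"
    return "unexpected"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect to host:port, send the SSLv3 ClientHello and classify the reply (network call)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_ssl3_client_hello())
            return classify_response(sock.recv(4096))
    except OSError:                   # refused, reset or timed out
        return "no-response"


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Run it as `python3 ssl3_probe.py portal.example.com 443` against each portal listed in the SK; anything other than `ssl3-accepted` means SSL 3.0 was refused.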

CheckPoint’s Firewall systems at risk of Shellshock Bash attacks

Companies should check whether their CheckPoint systems have the widespread vulnerability

The Shellshock Bash bug was found in a typical CheckPoint system’s admin panel (WebUI), opening up the possibility that many more business information security systems could be vulnerable if attacked.

The vulnerability exists in the CheckPoint firewall’s administrative WebUI, its DHCP component and other firewall system modules, and affects all CheckPoint Firewall versions on the Gaia, SecurePlatform, SecurePlatform 2.6, IPSO 6.2 and Gaia Embedded platforms and all appliance lines: 2012 models, Smart-1, Threat Emulation, UTM-1, Power-1.

The bug uncovered this week in a widely used component of Linux, Unix and Mac OS X was found in the admin panel of the largest firewall vendor, CheckPoint. Alexey Baltacov, Network Security Architect at Frogteam|Security, said Sunday: “Because many vendors use similar servers, the vulnerability is likely widespread.”

Baltacov declined to disclose the vulnerable path in the system, but added:

“I’m pretty sure that there are a bunch of them (vendors), if not a lot of them, that can also be exploitable.”

The CheckPoint OS platform and its admin panel, which often run on Unix or Linux, are the main components of a CheckPoint Firewall system for managing and configuring the firewall hardware in the organization.

Many CheckPoint Firewall appliances and servers run GNU Bash, which is the component with the critical flaw.

Bash, which stands for Bourne Again Shell, is the default command shell for the operating system. The bug lets an attacker trick Bash into executing malicious commands by sending them via the Common Gateway Interface (CGI), an underlying component of the CheckPoint firewall’s administrative interface.

Eran Goldstein, senior cyber security and malware researcher at ZIMPERIUM, said:

“Depending on the architecture of the firewall system, an attacker could manage and reconfigure all firewall hardware and servers and gain access to a company’s internal network. Even if he doesn’t have the username and password (for the Firewall server’s admin panel), he still can exploit the vulnerability. Also, once inside the firewall system’s admin panel, a hacker could infect components inside the organization network and IT environment.”

Security researchers reported Thursday that hackers were trying to exploit Shellshock in Web servers. On Friday, firewall vendor Incapsula reported that in a 12-hour period, it recorded 725 attacks per hour against a total of 1,800 domains.

“This is pretty high for a single vulnerability,” Tim Matthews, vice president of marketing at Incapsula, said.

The attacks originated from 400 unique IP addresses. More than half of the attacks started from China and the U.S.

In general, the attackers were running automated scripts from compromised servers in existing botnets in an attempt to add more systems to the network. Several botnet operators were using repurposed distributed denial of service (DDoS) bots in an attempt to exploit Shellshock.

Checkpoint responded on the company’s official website:

The OS WebUI may be susceptible to environment changes caused by the Shellshock exploit. At the time of Sep 2014, Check Point is not aware of any exploit on its solutions.

From the CheckPoint website:

A Hotfix package is currently available for R75.40, R75.40VS, R75.45, R75.46, R75.47, R76, R77, R77.10, and R77.20.

This Hotfix package is relevant to the main appliances lines: 2012 models, Smart-1, Threat Emulation, UTM-1, Power-1. For other appliances, see the relevant section below.

For other versions – R65, R70.20, R71.20, R75.10, R75.20 and R75.30, use the Early Availability (EA) solution below. A General Availability (GA) solution will be published within the week of September 29th.

Credit: Frogteam|Security