Kaspersky Lab security researchers have discovered a vulnerability dubbed ‘Darwin Nuke’ in OS X and iOS devices. The ‘Darwin Nuke’ vulnerability originates in the kernel of Darwin, an open-source component of both the OS X and iOS operating systems. It can expose OS X 10.10 and iOS 8 devices to remotely activated denial of service (DoS) attacks that can damage the user’s device and impact any corporate network to which it is connected.
To remove the vulnerability, experts recommend that users update their devices to the OS X 10.10.3 and iOS 8.3 software releases, which no longer contain it.
Kaspersky Lab’s analysis of the vulnerability found that the affected devices include those with 64-bit processors and iOS 8, such as the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Air 2, iPad mini 2, and iPad mini 3.
The “Darwin Nuke” vulnerability is exploited while processing an IP packet of a specific size with invalid IP options. Remote attackers can start a DoS attack on a device with OS X 10.10 or iOS 8 by sending an incorrect network packet to the target. After processing the invalid network packet, the system will crash, the press release states.
Kaspersky Lab’s researchers revealed that the system crashes only if the IP packet meets the following conditions:
- The size of the IP header should be 60 bytes.
- The size of the IP payload should be less than or equal to 65 bytes.
- The IP options should be incorrect (invalid option size, class, etc.)
“At first sight, it is very hard to exploit this bug, as the conditions attackers need to meet are not trivial ones. But persistent cybercriminals can do so, breaking down devices or even affecting the activity of corporate networks. Routers and firewalls would usually drop incorrect packets with invalid option sizes, but we discovered several combinations of incorrect IP options that are able to pass through the Internet routers. We’d like to warn all OS X 10.10 and iOS 8 users to update devices to OS X 10.10.3 and iOS 8.3 releases,” says Anton Ivanov, Senior Malware Analyst at Kaspersky Lab.
Kaspersky Lab’s products also protect OS X against the “Darwin Nuke” vulnerability with the ‘Network Attack Blocker’ feature. With Kaspersky Internet Security for Mac 15.0, this threat is detected as DoS.OSX.Yosemite.ICMP.Error.exploit.
Kaspersky Lab’s tips for improving the security of Mac devices include:
- Use a web browser with a solid track record of fixing security issues promptly.
- Run “Software Update” and patch the machine promptly when updates are available.
- Use a password manager to help cope with phishing attacks.
- Install a good security solution.