They find the vulnerability "Darwin Nuke" in iOS and ...


April 13, 2015

Security researchers from Kaspersky Lab have discovered a vulnerability in the Darwin kernel, an open source component of the iOS and OS X operating systems. This vulnerability, called “Darwin Nuke”, exposes devices running iOS 8 and OS X 10.10 to remotely activated DoS (Denial of Service) attacks that can damage the user’s device and also affect any corporate network to which the user is connected. Experts urge users to update their devices to iOS 8.3 and OS X 10.10.3, which no longer have this vulnerability.

Analysis of the vulnerability by Kaspersky Lab revealed that the devices affected by the threat include those with 64-bit processors and the iOS 8 operating system: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Air 2, iPad mini 2, and iPad mini 3. The “Darwin Nuke” vulnerability is triggered when the device processes an IP packet of a specific size with invalid IP options. Remote attackers can initiate a DoS (denial of service) attack on a device running OS X 10.10 or iOS 8 by sending a malformed packet to the target.

The system crashes after processing the invalid network packet. Researchers at Kaspersky Lab found that the crash happens only if the IP packet meets the following conditions:

  • The size of the IP header must be 60 bytes.
  • The size of the IP payload must be less than or equal to 65 bytes.
  • IP options must be incorrect (invalid option size, class, etc.)
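
As a defensive illustration of the three conditions above, the following Python check flags raw IPv4 packets that match them. It is an added example, not Kaspersky Lab's detection logic; the function names, the use of RFC 791 option rules to define "incorrect", and the sample packets are assumptions made for this example.

```python
import struct

HEADER_LEN = 60    # condition 1: IP header of 60 bytes (IHL = 15)
MAX_PAYLOAD = 65   # condition 2: IP payload of at most 65 bytes

def options_valid(opts: bytes) -> bool:
    """Walk the IPv4 options area using the RFC 791 type/length layout."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                    # End of Option List
            return True
        if kind == 1:                    # No-Operation is a single byte
            i += 1
            continue
        if (kind >> 5) & 0x3 in (1, 3):  # option classes 1 and 3 are reserved
            return False
        if i + 1 >= len(opts):           # length byte is missing
            return False
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return False                 # size too small or overruns the header
        i += length
    return True

def matches_reported_conditions(packet: bytes) -> bool:
    """True when a raw IPv4 packet meets all three conditions listed above."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl != HEADER_LEN or len(packet) < ihl or total_len < ihl:
        return False
    payload_len = total_len - ihl
    return payload_len <= MAX_PAYLOAD and not options_valid(packet[20:ihl])

def sample_packet(options: bytes, payload: bytes) -> bytes:
    """Constructed test input: 60-byte header, documentation addresses, no checksum."""
    fixed = struct.pack("!BBHHHBBH4s4s", 0x4F, 0, 60 + len(payload), 0, 0, 64, 17,
                        0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return fixed + options.ljust(40, b"\x00") + payload

if __name__ == "__main__":
    bad = sample_packet(b"\x07\x30", b"x" * 8)    # option length overruns header
    ok = sample_packet(b"\x01\x01", b"x" * 8)     # well-formed options
    print(matches_reported_conditions(bad), matches_reported_conditions(ok))
```

A check of this shape can run over captured traffic to count packets that should be dropped at the perimeter while devices are still being updated.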

“At first glance, it is very difficult to exploit this error, since the conditions that attackers must satisfy are not trivial. But persistent cybercriminals can do it, breaking down devices or even disrupting corporate network activity. Routers and firewalls usually drop bad packets with invalid size option, but we discovered several combinations of bad IP options that were able to pass through the Internet routers. We would like to advise all users of iOS 8 and OS X 10.10 operating systems to upgrade to iOS 8.3 and OS X 10.10.3,” says Anton Ivanov, Senior Malware Analyst at Kaspersky Lab.

Kaspersky Lab products protect the OS X operating system against the “Darwin Nuke” vulnerability with the Network Attack Blocker function. With Kaspersky Internet Security for Mac 15.0, this threat is detected as DoS.OSX.Yosemite.ICMP.Error.exploit.

Kaspersky Lab’s tips to increase the security of Mac devices are:

  1. Use a web browser that has a strong track record of fixing security issues right away.
  2. Run “Software Update” and patch the machine promptly when updates are available.
  3. Use a password manager to help you deal with phishing attacks.
  4. Install a good security solution.

Image: Kaspars Grinvalds via Shutterstock
