Researchers at the international cybersecurity firm Kaspersky Lab have discovered a vulnerability in the Darwin kernel which leaves users of OS X 10.10 and iOS 8 vulnerable to a remote denial of service (DoS) attack which affects the following devices:
- iPhone 5s
- iPhone 6
- iPhone 6 Plus
- iPad Air
- iPad Air 2
- iPad mini 2
- iPad mini 3
Computing.co.uk notes in a report that all of the aforementioned devices run iOS 8 on 64-bit processors.
In order to resolve the issue, users of such operating systems are encouraged to update to the latest variants, which are OS X 10.10.3 and iOS 8.3.
Kaspersky Lab is the same security firm which released details of an ongoing investigation into a group of world class NSA-linked hackers dubbed the “Equation group” by the anti-virus company’s researchers. The report indicated that numerous computers around the world had been infected with sophisticated spyware linked to the elite hackers.
According to the Russian-based security firm, the “Darwin Nuke” vulnerability exists in the Darwin kernel, which is an open-source component of both OS X as well as iOS. They further indicate that the attack could be used to cause damage to corporate networks.
The vulnerability is exploitable through the sending of specially crafted IP packets with invalid options such as size and class which cause the targeted device to crash.
While senior malware analyst Anton Ivanov of Kaspersky Labs notes that routers as well as firewalls “usually drop incorrect packets with invalid option sizes,” the company’s researchers did find “several combinations of incorrect IP options that are able to pass through the internet routers”.
Routers and firewalls would usually drop incorrect packets with invalid option sizes, but we discovered several combinations of incorrect IP options that are able to pass through the internet routers
Are you running a vulnerable version of either operating system on any of your devices?