Researchers have discovered a vulnerability in the kernel of Darwin – an open-source component of both the OS X and iOS operating systems. This “Darwin Nuke” vulnerability leaves OS X 10.10 and iOS 8 devices exposed to remotely-activated denial of service (DoS) attacks that can damage the user’s device and impact any corporate network to which it is connected. The experts call on users to update devices with the OS X 10.10.3 and iOS 8.3 software releases, which no longer include this vulnerability. Also Read - iPhone 13 to come with faster charging as compared to iPhone 12
Analysis of the vulnerability by Kaspersky Lab revealed that the devices affected by the threat include those with 64-bit processors and iOS 8: iPhone 5s, iPhone 6, iPhone 6 Plus,iPad Air, iPad Air 2,iPad mini 2, and iPad mini 3. Also Read - Apple TV Plus for free: PS5 owners get six months subscription free of cost
The ” Darwin Nuke” vulnerability is exploited while processing an IP packet of specific size and with invalid IP options. Remote attackers can initiate a DoS (denial of service) attack on a device with OS X 10.10 or iOS 8, sending an incorrect network packet to the target. After processing the invalid network packet, the system will crash. Kaspersky Lab’s researchers discovered that the system will crash only if the size of the IP header is 60 bytes, the size of the IP payload is less than or equal to 65 bytes and the IP options are incorrect. Also Read - This photo shot with iPhone X by an Indian wins iPhone Photography Awards
“At first sight, it is very hard to exploit this bug, as the conditions attackers need to meet are not trivial ones. But persistent cybercriminals can do so, breaking down devices or even affecting the activity of corporate networks. Routers and firewalls would usually drop incorrect packets with invalid option sizes, but we discovered several combinations of incorrect IP options that are able to pass through the Internet routers. We’d like to warn all OS X 10.10 and iOS 8 users to update devices to OS X 10.10.3 and iOS 8.3 releases,” – says Anton Ivanov, Senior Malware Analyst at Kaspersky Lab.
For boosting the security of Mac devices, Kaspersky Lab’s advises users to use a web browser that has a solid track record of fixing security issues promptly, run “Software Update” and patch the machine promptly when updates are available, use a password manager to help cope with phishing attacks, install a good security solution.