'Darwin Nuke' Vulnerability Discovered in Apple's OS X
Source: Jennifer LeClaire
If you are a hard-core Apple user, Kaspersky Lab has bad news for you. The security research firm has discovered a vulnerability in the kernel of Darwin -- an open source component of both the OS X and iOS operating systems.
Kaspersky is calling it the “Darwin Nuke” vulnerability and it leaves OS X 10.10 and iOS 8 devices exposed to remotely-activated denial of service (DoS) attacks. Those attacks can damage a user’s device and impact any corporate network to which it is connected.
“At first sight, it is very hard to exploit this bug, as the conditions attackers need to meet are not trivial ones,” said Anton Ivanov, senior malware analyst at Kaspersky Lab. “But persistent cybercriminals can do so, breaking down devices or even affecting the activity of corporate networks.”
Conditional Success
Kaspersky’s analysis of the vulnerability shows that devices with 64-bit processors and iOS 8 are vulnerable to the threat: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Air 2, iPad mini 2, and iPad mini 3.
The “Darwin Nuke” vulnerability is exploited while processing an IP packet of specific size and with invalid IP options, according to Kaspersky. Simply stated, remote attackers can initiate a DoS attack by sending an incorrect network packet to the target. After processing the invalid network packet, the system will crash.
That said, Kaspersky researchers discovered that the system will only crash if the IP packet meets the following conditions: the size of the IP header should be 60 bytes; the size of the IP payload should be less than or equal to 65 bytes; and the IP options should be incorrect.
“Routers and firewalls would usually drop incorrect packets with invalid option sizes, but we discovered several combinations of incorrect IP options that are able to pass through the Internet routers,” Ivanov said. “We’d like to warn all OS X 10.10 and iOS 8 users to update devices to OS X 10.10.3 and iOS 8.3 releases.”
Could Be Devastating
We asked Craig Young, a security researcher at advanced threat protection firm Tripwire, what he had to say about Darwin Nuke. He told us this attack could be devastating to iOS users connecting to cellular networks that provide public IP addresses that are accessible to anyone.
“A continued scan of telco networks using a tool like Rob Graham's masscan could create a persistent denial-of-service condition on unpatched devices. And, with the details described by Kaspersky in the report, it's trivial for an attacker to start exploiting this flaw immediately on iOS 8 and OS X 10.10,” Young said.
“When on Wi-Fi, the attack surface is slightly diminished for iOS since most Wi-Fi networks are behind a firewall device,” he added. “But, an attacker already on a corporate or home network could potentially use this attack to cause iPhones, iPads, and Macs on the network to reboot. iOS users should upgrade immediately.”