A vulnerability, dubbed “Darwin Nuke,” can expose OS X 10.10 and iOS 8 devices to remotely activated denial of service attacks (DoS), research from Kaspersky Lab has revealed.
Discovered in 2014 in the kernel of the operating systems’ Darwin open source component, the vulnerability had the potential to damage devices and corporate networks, according to a Securelist blog post.
The vulnerability, which Apple has since patched, “is connected with the processing of an IP packet that has a specific size and invalid IP options.” A single incorrect network packet sent to the victim will crash the system, the blog post said.
While routers and firewalls “usually drop incorrect packets with invalid option sizes,” Kaspersky researchers “discovered several combinations of incorrect IP options that are able to pass through the Internet routers,” Anton Ivanov, senior malware analyst at Kaspersky Lab stated.
Leave a Reply