A VULNERABILITY affecting iPhones, iPads and Macs that could allow an attacker to remotely activate a denial of service (DoS) attack has been found by researchers at security firm Kaspersky Lab.
The threat was discovered in the kernel of Darwin, an open source component of OS X and iOS, and affects devices with 64-bit processors and iOS 8. These are the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Air 2, iPad mini 2 and iPad mini 3.
The 'Darwin Nuke' vulnerability is exploited while processing an IP packet of specific size and with invalid IP options. If launched successfully, it can damage the user's device and affect any corporate network to which it is connected.
"Remote attackers can initiate a DoS attack on a device with OS X 10.10 or iOS 8, sending an incorrect network packet to the target," explained Kaspersky. "After processing the invalid network packet, the system will crash."
Kaspersky's researchers discovered that a system will crash only if the IP packet meets the following conditions: the size of the IP header should be 60 bytes; the IP payload should be less than or equal to 65 bytes; and the IP options should be incorrect, for instance an invalid option size or class.
Kaspersky has advised Apple users to make sure that all devices are updated to the latest OS X 10.10.3 and iOS 8.3 software releases, which no longer include the vulnerability.
"At first sight, it is very hard to exploit this bug, as the conditions attackers need to meet are not trivial ones," said senior Kaspersky malware analyst Anton Ivanov.
"But persistent cyber criminals can do so, breaking down devices or even affecting the activity of corporate networks.
"Routers and firewalls would usually drop incorrect packets with invalid option sizes, but we discovered several combinations of incorrect IP options that are able to pass through the internet routers."
Kaspersky announced last month that it has carried out an involved study of the Equation Group and that it is probably the work of the US government.
The Kaspersky report refers to the use of 'Backsnarf', which appears in documents leaked by Edward Snowden that have been sourced from the US National Security Agency. µ
Must be something going on beneath the surface
2020 is going to be digital carnage
It's a great shame if it strudel
Don't get it near your Apple Card