Apple Systems Vulnerable to Bug
Kaspersky Reports 'Darwin Nuke' Affects OS X, iOS
Kaspersky Lab has released information on a vulnerability, dubbed "Darwin Nuke," discovered by its security researchers in the kernel of Darwin - an open-source component of Apple's OS X and iOS operating systems. This vulnerability leaves OS X 10.10 and iOS 8 devices exposed to remotely activated denial-of-service attacks that can damage the user's device and impact any enterprise network to which it is connected.
According to Kaspersky's SecureList Blog, the vulnerability is connected with the processing of an IP packet that has a specific size and invalid IP options, enabling attackers to cause a denial of service on devices with 64-bit processors and OS X v10.10 or iOS v8 or lower versions installed.
This means that attackers can send just one incorrect network packet to the victim, and the victim's system will crash. The bug was discovered in December 2014 and shared with Apple.
Apple confirms that the vulnerability, CVE-2015-1105, has been fixed in its latest software releases: OS X Yosemite v10.10.3 for Macintosh PCs; iOS v8.3 for Apple mobile devices (iPhones, iPads); and the Apple TV v7.2 software update.
How it Works
The "Darwin Nuke" vulnerability can be exploited by an attacker by sending an IP packet of specific size and with invalid IP options to a device with OS X 10.10 or iOS 8. The OS on the device crashes after processing the incorrect network packet.
Kaspersky Lab's blog states that the IP packet needs to meet the following conditions to crash the system:
- The IP header size should be 60 bytes;
- The IP payload size should be less than or equal to 65 bytes;
- The IP options should be incorrect (invalid option size, class, etc.).
When these conditions are met, the OS panic function is engaged and the system is shut down in emergency mode, the researchers say. "At first sight, it is very hard to exploit this bug, as the conditions attackers need to meet are not trivial ones. But persistent cybercriminals can do so, breaking down devices or even affecting the activity of corporate networks," says Anton Ivanov, senior malware analyst at Kaspersky Lab.
Routers and firewalls would usually drop incorrect packets with invalid option sizes, Ivanov says. But the researchers discovered several combinations of incorrect IP options that are able to pass through. Kaspersky has not released any data on such attacks being noticed in the wild. According to Apple's website, this vulnerability existed because of a "state inconsistency" in the processing of TCP headers in OS X and iOS, which has been addressed in its latest updates.
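As an added example (not code from Kaspersky, Apple or this article), a small Python check that a packet-inspection or capture-replay tool could apply to flag IPv4 packets matching the three conditions listed above. The option walk follows the RFC 791 option encoding (reserved option classes 1 and 3, a length field below 2, or a length that overruns the option area), because the specific option combinations Kaspersky found are not given here; `build_ipv4` and the packets it produces are constructed test fixtures only.

```python
import struct

HEADER_SIZE = 60    # IHL=15 -> 60-byte header, as the advisory requires
PAYLOAD_MAX = 65    # payload bound quoted from the Kaspersky advisory

def options_are_valid(opts: bytes) -> bool:
    """Walk IPv4 options per RFC 791; False on any malformed encoding."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                        # End of Option List: rest is padding
            return True
        if kind == 1:                        # No Operation: single byte, no length
            i += 1
            continue
        if ((kind >> 5) & 0x3) in (1, 3):    # option classes 1 and 3 are reserved
            return False
        if i + 1 >= len(opts):               # multi-byte option missing its length
            return False
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return False                     # length too small or past option area
        i += length
    return True

def matches_darwin_nuke_profile(pkt: bytes) -> bool:
    """True when all three conditions from the advisory hold for this packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False                         # not an IPv4 packet
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl != HEADER_SIZE or total_len > len(pkt) or ihl > total_len:
        return False
    if total_len - ihl > PAYLOAD_MAX:
        return False
    return not options_are_valid(pkt[20:ihl])

def build_ipv4(options: bytes, payload: bytes) -> bytes:
    """Constructed test fixture: minimal IPv4 header (checksum zero) + options + payload."""
    options += b"\x00" * ((-len(options)) % 4)   # EOL-pad to a 4-byte boundary
    total_len = 20 + len(options) + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | (20 + len(options)) // 4, 0,
                         total_len, 0, 0, 64, 17, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + options + payload
```

A packet with a 60-byte header, a short payload and a structurally broken option is flagged; the same options with a 66-byte payload, a header of all NOPs, or a 20-byte header without options are not.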
When this vulnerability is exploited, it apparently impacts the device more than the enterprise network, says a senior CISO from the Indian information security community, who asked not to be named. He believes there are no references as yet that exploited devices could act as a launch pad for attacks into the enterprise network.
Those who have mobile device management enabled should promptly require users to update to iOS 8.3, he says. Those who are unable to do so should campaign for an upgrade to iOS 8.3 and prepare a business case for MDM, he advises.
K. K. Mookhey, director at Mumbai-based security consultancy Network Intelligence, says that given that the vulnerability requires that a number of conditions be met for it to execute successfully, and is a denial of service vulnerability, it does not result in a compromise of the endpoint. As a result, he says the implications for enterprise security are highly limited. "I wouldn't have sleepless nights over it, but yes updating the iOS version is mandatory whenever there is a security release."
Sridhar Govardhan, head of cyber defense at Indian IT giant Wipro, believes that with Apple products increasing in popularity, they will continue receiving more attention from attackers. Most security products are focused on the Windows platform currently, he says, and very few vendors have solutions for anti-malware protection and patch management for Apple's platforms.
Experts, including Kaspersky Lab, recommend upgrading all Apple devices to the latest versions of the respective operating systems - v10.10.3 and Security Update 2015-004 for OS X Yosemite, Apple TV 7.2 and iOS v8.3 - to remediate this flaw.