Your iPhone and iPad are at risk from Darwin Nuke
Apple customer? Kaspersky's just uncovered a new denial of service flaw affecting your devices
Kaspersky has uncovered a security flaw affecting iPhone, iPad and Mac operating systems that puts them at risk of DoS (denial of service) attacks.
In addition to Macs running on OSX 10.10, the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Air 2, iPad mini 2, and iPad mini 3 running on iOS 8 are also affected by the Darwin Nuke vulnerability, the security firm warned.
The security hole comes from an open source component of the OSX and iOS operating systems known as Darwin, and is exploited when the part processes an IP packet size with invalid IP options.
If a hacker knows how to create inaccurate packages, they can then use them to launch a DoS, causing the computer, smartphone or tablet to crash.
However, a number of conditions needs to be present before Darwin Nuke will successfully execute. The IP packet header needs to be 60 bytes, with the payload less than or equal to 65 bytes. The IP options, including size and class, must also be incorrect.
Anton Ivanov, senior malware analyst at Kaspersky Lab, said: "At first sight, it is very hard to exploit this bug, as the conditions attackers need to meet are not trivial ones. But persistent cybercriminals can do so, breaking down devices or even affecting the activity of corporate networks.
"Routers and firewalls would usually drop incorrect packets with invalid option sizes, but we discovered several combinations of incorrect IP options that are able to pass through the Internet routers. We'd like to warn all OS X 10.10 and iOS 8 users to update devices to OS X 10.10.3 and iOS 8.3 releases."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Apple has now included a patch in the latest OS X and iOS updates, which it is encouraging all users to download immediately.
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.