Beware! New vulnerability can completely mess-up your iPhone and Mac

Kaspersky Lab security researchers have discovered vulnerability in the kernel of Darwin – an open-source component of both the OS X and iOS operating systems. This ‘Darwin Nuke’ vulnerability leaves OS X 10.10 and iOS 8 devices exposed to remotely-activated denial of service (DoS) attacks that can damage the user’s device and impact any corporate network to which it is connected.

Analysis of the vulnerability by Kaspersky Lab revealed that the devices affected by the threat include those with 64-bit processors and iOS 8: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Air 2, iPad mini 2, and iPad mini 3.

Recommendation from Kaspersky Lab:

All OS X 10.10 and iOS 8 users must update devices to OS X 10.10.3 and iOS 8.3 releases

Information on the technicality:

The ‘Darwin Nuke’ vulnerability is exploited while processing an IP packet of specific size and with invalid IP options. Remote attackers can initiate a DoS (denial of service) attack on a device with OS X 10.10 or iOS 8, sending an incorrect network packet to the target. After processing the invalid network packet, the system will crash. Kaspersky Lab’s researchers discovered that the system will crash only if the IP packet meets the following conditions:

• The size of the IP header should be 60 bytes.
• The size of the IP payload should be less than or equal to 65 bytes.
• The IP options should be incorrect (invalid option size, class, etc.)