Vulnerability Management

Darwin Nuke vulnerability allows DoS in OS X 10.10 and iOS devices

A vulnerability, dubbed "Darwin Nuke," can expose OS X 10.10 and iOS 8 devices to remotely activated denial of service attacks (DoS), research from Kaspersky Lab has revealed.

Discovered in 2014 in the kernel of the operating systems' Darwin open source component, the vulnerability had the potential to damage devices and corporate networks, according to a Securelist blog post.

The vulnerability, which Apple has since patched, "is connected with the processing of an IP packet that has a specific size and invalid IP options." A single incorrect network packet sent to the victim will crash the system, the blog post said.

While routers and firewalls “usually drop incorrect packets with invalid option sizes,” Kaspersky researchers “discovered several combinations of incorrect IP options that are able to pass through the Internet routers,”  Anton Ivanov, senior malware analyst at Kaspersky Lab, said in a statement sent to SCMagazine.com.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds