Endpoint
4/10/2015
03:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Apple Patches 'Darwin Nuke,' Other Security Flaws With New OS Releases

Denial-of-service flaw discovered by researchers at Kaspersky Lab could affect Apple users' corporate networks.

Apple iPhone, iPad, and Mac users have one more reason to upgrade to the latest versions of iOS and OS X besides the new Photos app, the 300 additional emoji characters, and several other features that Apple has packed into the operating systems.

The new versions also address a serious security vulnerability that leaves people using devices running OS X 10.10 or iOS 8 open to denial of service attacks.

The flaw, discovered by researchers at Kaspersky Lab, exists in the kernel of Darwin, the open source components on which iOS and OS X are built. Dubbed “Darwin Nuke,” the vulnerability basically allows attackers to remotely activate denial of service attacks that can damage a user’s Mac or iOS device and impact any corporate network to which it is connected, according to an alert issued by Kaspersky Lab today.

The devices affected by the threat include those with 64-bit processors and iOS 8, says Anton Ivanov, senior malware analyst at Kaspersky Lab. Specific devices include iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Air 2, iPad Mini 2, and iPad Mini 3.

The problem has to do with the manner in which Darwin processes IP packets of a specific size and containing certain invalid IP options. An attacker that knows how to craft such malformed packages can use them to initiate a denial of service attack on any device running OS X 10.10 or iOS 8. “After processing the invalid network packet, the system will crash,” Ivanov said.

“Attackers can send just one incorrect network packet to the victim and the victim's system will crash,” he told Dark Reading.

However, certain specific conditions need to exist in order for someone to be able to exploit the vulnerability. The system can be made to crash only if the size of IP packet header is 60 bytes and the payload itself is less than or equal to 65 bytes, he says. The IP options specified in the packet also need to be deliberately incorrect in terms of size, class, and other features.

The bug appears hard to exploit initially because the prerequisite conditions are not particularly easy to achieve, he said. “But persistent cybercriminals can do so, breaking down devices or even affecting the activity of corporate networks,” Ivanov said.

Though routers and firewalls typically drop incorrectly formed IP packets, they don’t always do so, he noted. Kaspersky’s researchers were able to find several combinations of incorrect IP options that are able to get through Internet routers and perimeter defenses like firewalls. As a result, those using devices running OS X 10.10 and iOS 8 should update to the new OS X Yosemite v10.10.3 and iOS 8.3 releases of the operating systems, he said.

Apple’s new OS X Yosemite v10.10.3 also addresses another serious security flaw -- one discovered by Emil Kvarnhammar, a security researcher at TrueSec.

According to Kvarnhammar, the Admin framework in OS X contains a hidden backdoor Application Programming Interface (API) that would let an attacker gain root access to devices running previous versions of the operating system.

“This is a local privilege escalation to root, which can be used locally or combined with remote code execution exploits," he wrote in an alert yesterday.

Kvarnhammar says he discovered the flaw in October 2014 and reported it to Apple. But he thinks it may have been around since at least 2011 when Mac OS X 10.7 was released. Mac users running OS X 10.9 and older remain vulnerable to the threat because Apple has decided not to issues patches for these versions, he noted in urging people to upgrade to 10.10.3

Apple’s Yosemite v10.10.3 addresses several other flaws as well including several arbitrary code execution flaws reported by various researchers and by Google’s Project Zero vulnerability research group. Apple has published a complete list of patched vulnerabilities in Yosemite v10.10.3 here.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cybersecurity's 'Broken' Hiring Process
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/11/2017
How Systematic Lying Can Improve Your Security
Lance Cottrell, Chief Scientist, Ntrepid,  10/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Search Cybersecuruty and you will get unicorn.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.