Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/10/2015
03:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Apple Patches 'Darwin Nuke,' Other Security Flaws With New OS Releases

Denial-of-service flaw discovered by researchers at Kaspersky Lab could affect Apple users' corporate networks.

Apple iPhone, iPad, and Mac users have one more reason to upgrade to the latest versions of iOS and OS X besides the new Photos app, the 300 additional emoji characters, and several other features that Apple has packed into the operating systems.

The new versions also address a serious security vulnerability that leaves people using devices running OS X 10.10 or iOS 8 open to denial of service attacks.

The flaw, discovered by researchers at Kaspersky Lab, exists in the kernel of Darwin, the open source components on which iOS and OS X are built. Dubbed “Darwin Nuke,” the vulnerability basically allows attackers to remotely activate denial of service attacks that can damage a user’s Mac or iOS device and impact any corporate network to which it is connected, according to an alert issued by Kaspersky Lab today.

The devices affected by the threat include those with 64-bit processors and iOS 8, says Anton Ivanov, senior malware analyst at Kaspersky Lab. Specific devices include iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Air 2, iPad Mini 2, and iPad Mini 3.

The problem has to do with the manner in which Darwin processes IP packets of a specific size and containing certain invalid IP options. An attacker that knows how to craft such malformed packages can use them to initiate a denial of service attack on any device running OS X 10.10 or iOS 8. “After processing the invalid network packet, the system will crash,” Ivanov said.

“Attackers can send just one incorrect network packet to the victim and the victim's system will crash,” he told Dark Reading.

However, certain specific conditions need to exist in order for someone to be able to exploit the vulnerability. The system can be made to crash only if the size of IP packet header is 60 bytes and the payload itself is less than or equal to 65 bytes, he says. The IP options specified in the packet also need to be deliberately incorrect in terms of size, class, and other features.

The bug appears hard to exploit initially because the prerequisite conditions are not particularly easy to achieve, he said. “But persistent cybercriminals can do so, breaking down devices or even affecting the activity of corporate networks,” Ivanov said.

Though routers and firewalls typically drop incorrectly formed IP packets, they don’t always do so, he noted. Kaspersky’s researchers were able to find several combinations of incorrect IP options that are able to get through Internet routers and perimeter defenses like firewalls. As a result, those using devices running OS X 10.10 and iOS 8 should update to the new OS X Yosemite v10.10.3 and iOS 8.3 releases of the operating systems, he said.

Apple’s new OS X Yosemite v10.10.3 also addresses another serious security flaw -- one discovered by Emil Kvarnhammar, a security researcher at TrueSec.

According to Kvarnhammar, the Admin framework in OS X contains a hidden backdoor Application Programming Interface (API) that would let an attacker gain root access to devices running previous versions of the operating system.

“This is a local privilege escalation to root, which can be used locally or combined with remote code execution exploits," he wrote in an alert yesterday.

Kvarnhammar says he discovered the flaw in October 2014 and reported it to Apple. But he thinks it may have been around since at least 2011 when Mac OS X 10.7 was released. Mac users running OS X 10.9 and older remain vulnerable to the threat because Apple has decided not to issues patches for these versions, he noted in urging people to upgrade to 10.10.3

Apple’s Yosemite v10.10.3 addresses several other flaws as well including several arbitrary code execution flaws reported by various researchers and by Google’s Project Zero vulnerability research group. Apple has published a complete list of patched vulnerabilities in Yosemite v10.10.3 here.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5034
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vuln...
CVE-2019-5035
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker c...
CVE-2019-5036
PUBLISHED: 2019-08-20
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially cr...
CVE-2019-8103
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8104
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...