Vulnerability in iOS and OS X allows devices to reboot
OS X and iOS contained a vulnerability that allowed attackers to reboot a device by sending it a single IP packet. Apple fixed the vulnerability this week with OS X 10.10.3 and iOS 8.3.
The vulnerability has been named Darwin Nuke by its discoverer, security company Kaspersky Labs, because it sits in the open source Darwin kernel that both operating systems share. Users of Macs, iPads and iPhones who have not yet installed the update are vulnerable.
Beyond forcing a reboot, the vulnerability does not give attackers access to the system. By exploiting it again and again so that the device keeps shutting itself down, however, an attacker can make the device unusable for its owner.
The vulnerability is that a kernel panic occurs as soon as an IP packet has a header of exactly sixty characters, while the payload must be 65 characters or less and there must be errors in the IP options. As far as is known, attackers have not exploited this vulnerability in an attack. It is not clear whether the vulnerability is also present in versions prior to OS X Yosemite and iOS 8. Earlier this week, it was revealed that Apple has fixed another vulnerability with OS X 10.10.3.
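
The three packet properties described above can be checked on captured traffic, for example in an IDS test harness. The following is an added example, not code from Kaspersky or Apple: the function names are hypothetical, the article's "characters" are read as bytes, and "errors in the IP options" is interpreted as an invalid option length, which is an assumption.

```python
def option_errors(opts: bytes) -> bool:
    """Return True if an IPv4 options area is malformed (assumed checks)."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:               # End of Option List: rest is padding
            return False
        if kind == 1:               # No-Operation: single byte, no length
            i += 1
            continue
        if i + 1 >= len(opts):      # option type with no length byte
            return True
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return True             # length too small or past header end
        i += length
    return False


def matches_darwin_nuke(pkt: bytes) -> bool:
    """True if pkt has the three properties the article lists."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False                # not IPv4, or too short to parse
    header_len = (pkt[0] & 0x0F) * 4
    total_len = int.from_bytes(pkt[2:4], "big")
    if header_len != 60 or len(pkt) < 60 or total_len < 60:
        return False
    payload_len = total_len - header_len
    return payload_len <= 65 and option_errors(pkt[20:60])


# Constructed samples (not captured traffic). Addresses are from TEST-NET-1.
_FIXED = bytes([0x4F, 0, 0, 68, 0, 0, 0, 0, 64, 1, 0, 0,
                192, 0, 2, 1, 192, 0, 2, 2])
WELL_FORMED = _FIXED + bytes([1]) * 40 + bytes(8)   # 40 NOP options
BAD_OPTION_AREA = bytes([7, 1]) + bytes(38)         # option length below 2
```

A packet with a full 60-byte header and well-formed options, such as `WELL_FORMED`, is not flagged; the check only fires when all three properties hold together.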