‘Darwin Nuke’ DoS Vulnerability Discovered In iOS 8 And OS X Yosemite 10.10

It's not often that we learn of a DDoS attack that can be sourced from mobile devices, but as it happens, it's something that's possible on iOS devices not running the latest 8.3 software.

The bug isn't exclusive to iOS, however. Because the 'Darwin Nuke' flaw exists in the Darwin kernel, the desktop OS X is also affected. To be protected there, an upgrade to 10.10.3 is required.

It's unfortunately not mentioned when this bug first surfaced, but Kaspersky notes that affected devices include the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Air 2, iPad mini 2, and iPad mini - in effect, iOS devices with a 64-bit processor.

Exploiting the vulnerability isn't trivial, as it's quite specific. It requires an IP header to reach the device that's 60 bytes in size, has a payload of 65 bytes or less, and consists of invalid options. The report mentions that while most routers would simply disregard such data, researchers have noticed that the data is "able to pass through the Internet routers".

This is one of those times when you should already be protected from a bug by the time you hear of it, but if you have any outdated 64-bit iOS devices, Kaspersky highly recommends updating as soon as possible.