Unpatched iPhone and iPads can be remotely rebooted due vulnerability

Apple’s operating systems OS X and iOS were vulnerable to an attack that allowed to restart the devices by attacking them with a single malicious IP packet. Apple patched the vulnerability this week with the release of OS X 10.10.3 and iOS 8.3.

apple_macbook_air_add_2 (500 x 271)

The discoverer of the vulnerability, Kaspersky Labs, has named it Darwin Nuke, because the vulnerability is in the open source Darwin kernel of both OS X and iOS. Users of Macs, iPads and iPhones that haven’t updated to the latest version of their operating system remain vulnerable.

Besides restarting the device, potential attackers could not gain access to the system when abusing the vulnerability. However by sending the malicious IP packet repeatedly, resulting in a continuously restarting the device, it’s possible to make it impossible for someone to work with the affected OS X computer or iOS phone or tablet.

When the malicious IP packet is received by a vulnerable device, a kernel panic is generated, which in its turn reboots the affected device. It’s unknown whether attackers have abused the vulnerability “in the wild”. It’s also unknown if devices running earlier versions than OS X Yosemite and iOS 8 are vulnerable.

Earlier this week we reported about another vulnerability in OS X that allowed attackers to gain root access to the OS.

Previously many users valued Apple’s ecosystem for its relative low amount of exploits, but with the growing popularity it seems the platforms has also gained interest by cybercriminals and therefore also security researchers.