Wednesday, April 15, 2015

"Kaspersky Lab" discovered a vulnerability in iOS and OS X, allows you to remotely bring the system down

The specialists of "Kaspersky Lab" announced the discovery of vulnerabilities in operating systems, OS X and iOS. Security hole can be exploited by an attacker to remotely, allowing a specially trained network packets successfully implement the DoS-attack and bring the computer or smartphone victim down, the company said. This threat has been reported to relevant systems for versions OS X 10.10 and iOS 8 without the latest updates.

As representatives of the Laboratory, vulnerability is caused by an insufficient buffer in the OS kernel, which can not accommodate the generated package - because of this operating system completes its work in emergency mode.
Initially, this threat has been detected in the operating system OS X Yosemite 10.10. Further studies have shown that the vulnerability is also present in iOS 8 running on 64-bit platform - this combination can be found in smartphones iPhone 5s and above, as well as tablets and newer iPad Air and iPad mini second and subsequent generations. Despite the fact that in some cases, telecommunications equipment or firewalls do not allow network packets with incorrect attributes, those skilled in the experiment was able to attack by common models of routers.
"Users may exploit this vulnerability scenario seems far-fetched and not applicable in practice. However, it is not. Professional, knowledgeable in network protocols, easily create a package that remotely shut down the device or even suspend the operation of the entire corporate network. And, despite the fact that in the latest versions of this vulnerability is already out, this case once again shows that we should not trust the stereotype of unconditional security Apple-devices. It is better to trust in a reliable security solution" - says Anton Ivanov, a senior virus analyst "Kaspersky Lab".
"Kaspersky Lab" urged the owners of iPhone, iPad and Mac to use their software package Kaspersky Internet Security, which protects the device against this threat thanks to the absolute protection against network attacks.