Apple products have long had a reputation for tighter security. One of the most common reasons why users stick with Macs and iOS gadgets’ walled gardens was to get away from malware and other security threats that constantly bombard other platforms.
However, even iOS and macOS cannot escape the occasional bugs and security flaws that can affect just about any piece of software that exists. Software programmers have their work cut out for them as they try and plug any potential holes as quickly they are discovered.
This is why it’s necessary to install and update your gadgets with the latest versions of their operating systems. It’s one way to protect them from potential threats. Take this newly discovered Apple flaw, for example. It’s so fundamental and basic that even anti-malware software can’t protect your gadget from this attack.
The Ping of Death
Security researcher Kevin Backhouse recently disclosed a vulnerability that affects Macs, iPhones, and iPads. The flaw would have allowed an attacker to shut them down as long as they were connected to the same Wi-Fi network.
Based on Backhouse’s research, an attacker can send a small piece of code to the IP address of the target macOS or iOS device and crash them, all without user interaction.
For example, you can be connected to your local Starbucks’ public Wi-Fi network and an attacker who’s also connected can direct the malicious packet to your gadget to freeze it or shut it down.
This technique is commonly known as a “ping of death,” where an attacker sends a malicious IP packet that exceeds a certain size, which then causes a gadget’s memory buffer to overflow.
But this particular flaw goes beyond simply rebooting the affected gadgets, though. Apple also classified this flaw as a “remote code execution” bug. This means an attacker can also use this exploit to run malicious code on the affected gadgets.
Here’s a video of the exploit in action:
The fix is out
Backhouse informed Apple about the flaw on August 29 and thankfully, the company already patched the flaw with iOS 12 for iPhones and iPads and macOS Mojave for Macs.
However, if you have an older Apple gadget or if you’re still running an older version of iOS or macOS, your device is still vulnerable. Here’s a list of vulnerable Apple operating systems and gadgets.
- iOS 11 and earlier: all devices
- macOS High Sierra, up to and including 10.13.6: all devices
- macOS Sierra, up to and including 10.12.6: all devices
- OS X El Capitan and earlier: all devices
How to protect yourself
First order of business, to protect yourself against this attack (and other security flaws, for that matter), you have to get the latest update for your operating system, be it iOS or macOS. The latest version of iOS is 12.1 and macOS is 10.14.1.
For older Apple gadgets that can no longer be updated with the latest operating systems, try staying away from public Wi-Fi networks as much as you can. Keep in mind that the attacker has to be connected locally to the same network and the malicious packet can’t be sent over the internet.
For older Macs, it is recommended that you turn on Stealth Mode on your macOS firewall, Here’s how you do this:
1. Open your Mac’s “System Preferences” then select “Security & Privacy.”
2. Make sure your Firewall is turned on then select Firewall Options
3. Check “Enable stealth mode.” This will stop your machine from responding to ping packets and other incoming test signals.
How to update your iOS gadget
To check for available iOS updates, go into your “Settings” app and select “General.” From there, select “Software Update” and your device will begin to check for updates. Then select “Download and Install” to get the latest version (if available).
To get the update from iTunes, connect your device to a computer, open iTunes, and select your device from the menu in your iTunes Library. Select “Summary” and then click on “Check for Update.” Finally, select “Download and Update” and wait for the update to sync to your device.
How to update your Mac:
Here’s how to update the most recent version of macOS:
- Open the App Store app
- Click Updates in the toolbar
- Tap the Update button next to the macOS update to download and install
- Your gadget will restart when it is finished updating
Note: You can also open the App Store Update tab by clicking the “Software Update…” button on “About This Mac.”
Click here to read Kevin Backhouse’s full blog post about the flaw.
What new features does iOS 12 bring to the table? Listen to this free Komando On Demand podcast and find out.