Apple fixes multiple XNU kernel vulnerabilities in iOS and macOS

Kevin Backhouse, a researcher at software engineering analytics firm Semmle, discovered multiple security flaws in the XNU kernel used by Apple's operating systems. All Apple operating systems, across its various devices, share this same kernel, so these vulnerabilities had a serious impact.

Backhouse indicated that one of these vulnerabilities affects macOS and iOS in the same way. Apple has already fixed these XNU kernel vulnerabilities in the iOS 12 and macOS updates. A total of 71 security updates are available for the current macOS Mojave and the older High Sierra and Sierra versions.

According to reports, Backhouse discovered a buffer overflow vulnerability in the XNU kernel that can affect macOS and iOS. One of the multiple vulnerabilities in the macOS XNU kernel, which Apple also uses for iOS, is CVE-2018-4407.

This bug could allow an attacker to crash all unpatched macOS and iOS devices on the same network, such as a public Wi-Fi network. The cause is a buffer overflow in the code that handles Internet Control Message Protocol (ICMP) packets, so the bug could easily affect MacBooks, iPads and iPhones.

Backhouse has said, “To trigger the vulnerability, an attacker merely needs to send a malicious IP packet to the IP address of the target device. No user interaction is required. The attacker only needs to be connected to the same network as the target device.”

After the bug is triggered, the attacker can crash the device or force a reboot. According to the researcher, “An attacker could even remotely elicit this vulnerability. Hence, it may lead to the remote execution of arbitrary codes as well.”

Backhouse will be disclosing the full details of the bug later. For now, he has written and assembled proof-of-concept code that can demonstrate the vulnerability.

As described in the Semmle advisory, “the vulnerabilities allow an attacker to mount a maliciously crafted NFS volume to gain kernel level privileges. This privilege level is higher than a normal administrator user account. Among other things, it allows an attacker to read, write and delete arbitrary files on disk and in memory, install new applications or wipe and reset the device to factory settings. No special permissions are required in macOS to mount an NFS share, so the vulnerabilities can be exploited by any user, including the built-in guest account, which does not require a password.”

Apple patched the flaws in the September updates, iOS 12 and macOS Mojave 10.14.

The NFS vulnerabilities affect macOS versions 10.13.5 and earlier. Apple patched them with the macOS 10.13.6 update in July, but preferred not to disclose the vulnerabilities until November.
