Apple Patched Multiple XNU Kernel Vulnerabilities In macOS And iOS


A researcher from Semmle discovered multiple security flaws in the XNU kernel of Apple operating systems. Since all Apple operating systems running across different devices share the same kernel, the vulnerabilities had a serious impact. In fact, the researcher, Kevin Backhouse, has demonstrated that one such vulnerability impacts macOS and iOS in the same way. Fortunately, Apple has already patched these XNU kernel vulnerabilities in the iOS 12 and macOS updates.

Critical Bug Crashing Numerous Apple Devices

Reportedly, Kevin Backhouse discovered a critical bug that could crash multiple Apple devices when exploited. According to Backhouse, he discovered a heap buffer overflow vulnerability (CVE-2018-4407) in the XNU OS kernel that affected macOS and iOS. Hence, the bug could allegedly affect MacBooks, iPhones, and iPads alike.

As Backhouse explained alongside the POC for this bug, which resides in the ICMP packet-handling module:

“To trigger the vulnerability, an attacker merely needs to send a malicious IP packet to the IP address of the target device. No user interaction is required. The attacker only needs to be connected to the same network as the target device.”

He has shared the below video demonstrating the exploit.

After triggering the bug, an attacker could crash the device or force it to reboot. Besides, according to the researcher, an attacker could even trigger this vulnerability remotely. Hence, it may lead to remote execution of arbitrary code as well.

More XNU Kernel Vulnerabilities

Apart from the CVE-2018-4407 discussed above, Backhouse also discovered five other buffer overflow vulnerabilities in the XNU kernel. However, these vulnerabilities existed in the client-side Network File System (NFS) implementation. These vulnerabilities include CVE-2018-4259, CVE-2018-4286, CVE-2018-4287, CVE-2018-4288, and CVE-2018-4291. As described in the Semmle advisory,

“The vulnerabilities allow an attacker to mount a maliciously-crafted NFS volume to gain kernel-level privileges. This privilege level is higher than a normal administrator user account. Among other things, it allows an attacker to read, write, and delete arbitrary files on disk and in memory, install new applications, or wipe and reset the device to factory settings. No special permissions are required in macOS to mount an NFS share, so the vulnerabilities can be exploited by any user, including the built-in guest account, which does not require a password.”

The researcher has also given a POC for these vulnerabilities alongside demonstrating the exploit in this video.

Apple Has Patched The Flaws

The ICMP packet-handling flaw (CVE-2018-4407) allegedly affected devices running iOS 11 and earlier versions, Apple macOS High Sierra versions up to 10.13.6, and Apple macOS Sierra versions up to 10.12.6. Apple has patched the flaw in the September updates of iOS 12 and macOS Mojave 10.14.

For the other NFS vulnerabilities, the affected operating systems include macOS versions 10.13.5 and earlier. Apple patched the flaws with the macOS version 10.13.6 update in July. However, Apple preferred not to disclose the vulnerabilities until November.

Make sure you upgrade to the latest versions to protect your Apple devices from these XNU kernel vulnerabilities.



Abeerah Hashim
