Home Mobile News A kernel vulnerability in Apple devices gives access to remote code execution

A kernel vulnerability in Apple devices gives access to remote code execution

By
Prasad Ramesh
-
0
5426
kernels
2 min read

A heap buffer overflow vulnerability was found in Apple’s XNU OS kernels by Kevin Backhouse. An exploit can potentially cause any iOS or macOS device on the same network to reboot, without any user interaction. Apple has classified this kernel vulnerability as a remote code execution (RCE) vulnerability in the kernel. It may be possible to exploit buffer overflow to execute arbitrary code in the kernel.

The vulnerability is fixed in iOS 12 and macOS Mojave.

Learn Programming & Development with a Packt Subscription

The vulnerability is caused by a heap buffer overflow in the networking code within the XNU kernel. XNU is a kernel system developed by Apple. It is used in both iOS and macOS, hence most iPhones, iPads, and Macbooks are affected.

An attacker merely needs to send a malicious IP packet the target device’s IP address to trigger this. The vulnerability is triggered only if the attacker is in the same network as the target. This becomes easy if you’re using a free WiFi network from a coffee shop. The vulnerability being in the kernel, anti-viruses cannot protect your device.

The attacker can control the size and content of the heap buffer giving a potential to gain remote code execution of a device.

There are two known mitigations against this kernel vulnerability:

  1. Enabling stealth mode in the macOS firewall prevents the attack from taking place.
  2. Don’t use public WiFi networks as there is a high risk of being attacked.

These OS versions and devices are vulnerable:

  • All devices with Apple iOS 11 and earlier
  • All Apple macOS High Sierra devices up to 10.13.6. This is patched in security update 2018-001.
  • Devices using Apple macOS Sierra up to 10.12.6. This is patched in security update 2018-005.
  • Apple OS X El Capitan and earlier devices

The kernel vulnerability was reported by Kevin Backhouse to Apple in time to be rolled out with iOS 12 and macOS Mojave. The vulnerabilities were announced on October 30.

For more details visit the LGMT website.

Read next

Final release for macOS Mojave is here with new features, security changes and a privacy flaw

The kernel community attempting to make Linux more secure

Apple has introduced Shortcuts for iOS 12 to automate your everyday tasks

© Packt Publishing Ltd