A heap buffer overflow vulnerability was found in Apple’s XNU operating system kernel by Kevin Backhouse. An exploit can potentially cause any iOS or macOS device on the same network to reboot, without any user interaction. Apple has classified it as a remote code execution (RCE) vulnerability in the kernel. It may be possible to exploit the buffer overflow to execute arbitrary code in the kernel.
The vulnerability is fixed in iOS 12 and macOS Mojave.
The vulnerability is caused by a heap buffer overflow in the networking code within the XNU kernel. XNU is the kernel developed by Apple. It is used in both iOS and macOS, hence most iPhones, iPads, and MacBooks are affected.
An attacker merely needs to send a malicious IP packet to the target device’s IP address to trigger this. The vulnerability is triggered only if the attacker is on the same network as the target. This becomes easy if you’re using a free WiFi network at a coffee shop. Because the vulnerability is in the kernel, antivirus software cannot protect your device.
The attacker can control the size and content of the heap buffer, which gives them the potential to gain remote code execution on a device.
There are two known mitigations against this kernel vulnerability:
- Enabling stealth mode in the macOS firewall prevents the attack from taking place.
- Don’t use public WiFi networks as there is a high risk of being attacked.
These OS versions and devices are vulnerable:
- All devices with Apple iOS 11 and earlier
- All Apple macOS High Sierra devices up to 10.13.6. This is patched in security update 2018-001.
- Devices using Apple macOS Sierra up to 10.12.6. This is patched in security update 2018-005.
- Apple OS X El Capitan and earlier devices
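A triage script for the list above, added here as an example and not taken from Apple or the original report. `classify_macos` and `audit_host` are hypothetical helper names, and treating releases after Mojave as fixed is an assumption.

```shell
#!/bin/sh
# Added example: triage a macOS host against the affected-version list above.

# classify_macos VERSION
# Prints a triage label for a macOS product version string such as 10.13.6.
# A security update does not change the product version, so for Sierra and
# High Sierra the label only says which update to verify.
classify_macos() {
    ver=$1
    # Accept "10" as well as "10.13" and "10.13.6".
    case $ver in *.*) ;; *) ver="$ver.0" ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    # Reject non-numeric input instead of guessing.
    case $major in ''|*[!0-9]*) echo "unknown"; return 0 ;; esac
    case $minor in ''|*[!0-9]*) echo "unknown"; return 0 ;; esac

    if [ "$major" -gt 10 ]; then
        echo "fixed"                            # assumption: later releases keep the fix
    elif [ "$major" -lt 10 ]; then
        echo "unknown"
    elif [ "$minor" -ge 14 ]; then
        echo "fixed"                            # Mojave (10.14)
    elif [ "$minor" -eq 13 ]; then
        echo "verify-security-update-2018-001"  # High Sierra
    elif [ "$minor" -eq 12 ]; then
        echo "verify-security-update-2018-005"  # Sierra
    else
        echo "affected-no-fix-listed"           # El Capitan and earlier
    fi
}

# audit_host: report the local version label and the firewall stealth mode state.
audit_host() {
    fw=/usr/libexec/ApplicationFirewall/socketfilterfw
    if ! command -v sw_vers >/dev/null 2>&1; then
        echo "sw_vers not found: this is not a macOS host"
        return 0
    fi
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(classify_macos "$v")"
    # Print the firewall's own answer rather than parsing it.
    if [ -x "$fw" ]; then "$fw" --getstealthmode; fi
}

audit_host
```
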
The kernel vulnerability was reported by Kevin Backhouse to Apple in time for the fix to be rolled out with iOS 12 and macOS Mojave. The vulnerabilities were announced on October 30.
For more details visit the LGTM website.