Apple has patched critical vulnerabilities in XNU, the kernel of macOS and iOS. A security company found two types of vulnerabilities in XNU. One of them allowed an attacker to remotely execute arbitrary code within the same network.
In August 2018, security firm Semmle found a vulnerability related to the way the network code of XNU handles packets of the internet control message protocol, or ICMP. It is a heap buffer overflow that allows an attacker to crash a device, but also allows a malicious person to run arbitrary code on a vulnerable system, or extract data from it. The iPad, iPhone or Mac must be on the same network as the attacker, but user interaction is not necessary, which makes the impact relatively large.
Apple has patched the ICMP vulnerability in macOS Sierra 10.12.6, High Sierra 10.13.6, Mojave, and iOS 12. According to Semmle, it is still present in iOS 11 where the advice is to upgrade.
In addition, in May 2018, Semmle found five vulnerabilities related to nfs, or the network file system in macOS. These allow an attacker to mount a specially crafted nfs volume on a system, for example via a guest account, to gain elevated kernel privileges. Because those rights are higher than even administrator rights, an attacker gains full control over a system.
MacOS High Sierra 10.13.5 and earlier versions of the OS were vulnerable. Apple patched the vulnerabilities with the release of version 10.13.6 in July. This week, Apple revealed that it has patched the vulnerabilities. Semmle emphasizes that security experts can help check the kernel for security because the source code is partly open source.