Windows 10 News and info | Forum
Topic: Software Bug Affected All Apple Devices
« on: November 03, 2018, 03:58:36 AM »

Kevin Backhouse, a researcher from U.S.-based security company Semmle, has uncovered six software vulnerabilities in Apple's XNU operating system kernel, which is used in all of Apple's devices. The vulnerabilities have affected more than 1.3 billion devices worldwide.

According to the Semmle researcher, the critical vulnerabilities exist in the XNU kernel used by Apple's iOS, macOS, tvOS and watchOS operating systems. Backhouse said attackers could use these low-level software flaws to remotely take control of any Apple device on the same network.

The vulnerabilities exist in the kernel's networking code and its client-side Network File System (NFS) implementation. The first vulnerability is a heap buffer overflow flaw in the ICMP packet-handling module of the XNU kernel's networking code (CVE-2018-4407). An attacker could use this bug to run arbitrary code on a user's machine, extract data, or cause a reboot.

Backhouse also warned that because the flaw can be so easily exploited, it could be automated as a denial-of-service attack, which may then crash all affected devices on a network, potentially shutting down an entire organization. User interaction is not required for attackers to be able to take advantage of this vulnerability.

The five bugs the researcher found in Apple's NFS implementation could also allow attackers to read, write and delete files on a user's NFS-mounted drive, as well as install applications or wipe the device entirely. The NFS implementation bugs primarily affect macOS machines.

Disclosure and Mitigation

Backhouse discovered the vulnerabilities as part of his work for Semmle. He privately disclosed the ICMP packet handling vulnerability to Apple on August 9, and Apple acknowledged the security issues the same day. Apple also released patches for iOS 12 on September 12 and for the Mojave macOS edition on September 24.

Backhouse told Apple about the NFS implementation vulnerabilities in May, and Apple fixed those vulnerabilities in macOS version 10.13.6 on July 9.

Apple made all the vulnerabilities public on October 30. However, Backhouse also noted that only 60 percent of iOS devices have implemented the iOS 12 update, which means a large portion of Apple customers are still affected by some of these bugs. If you haven't updated your Apple devices to the latest version yet, it may be time to do that.

