Saved in:
Bibliographic Details
Main Authors: Porat, Ehood, Klein, Amit, Pinkas, Benny
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2606.00918
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910276769546240
author Porat, Ehood
Klein, Amit
Pinkas, Benny
author_facet Porat, Ehood
Klein, Amit
Pinkas, Benny
contents We present a novel, practical attack on the IPv6 Fragment ID generation algorithm of XNU, which is the kernel used by Apple products such as macOS and iOS. This attack exploits a race-condition vulnerability in the algorithm's pseudorandom number generator (PRNG) to cryptanalytically break, learn the internal state of the generator, and consequently predict fragment IDs, which, in turn, facilitates an IPv6 fragment spoofing attack. As far as we know, this is the first cryptanalytic attack that is based on exploiting race-conditions. With fragment spoofing, it is possible to partially manipulate UDP datagrams and TCP segments. We showcase a new type of attack on NFS (UDP) where an off-path attacker modifies a file as it is written, and an attack on HTTP (TCP) where an off-path attacker modifies an HTTP request. Apple assigned this vulnerability the CVE identifier CVE-2024-27823 and patched all its XNU-based products against the attack.
format Preprint
id arxiv_https___arxiv_org_abs_2606_00918
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle One (Thread) Can Keep a (PRNG) Secret, but not Two
Porat, Ehood
Klein, Amit
Pinkas, Benny
Cryptography and Security
We present a novel, practical attack on the IPv6 Fragment ID generation algorithm of XNU, which is the kernel used by Apple products such as macOS and iOS. This attack exploits a race-condition vulnerability in the algorithm's pseudorandom number generator (PRNG) to cryptanalytically break, learn the internal state of the generator, and consequently predict fragment IDs, which, in turn, facilitates an IPv6 fragment spoofing attack. As far as we know, this is the first cryptanalytic attack that is based on exploiting race-conditions. With fragment spoofing, it is possible to partially manipulate UDP datagrams and TCP segments. We showcase a new type of attack on NFS (UDP) where an off-path attacker modifies a file as it is written, and an attack on HTTP (TCP) where an off-path attacker modifies an HTTP request. Apple assigned this vulnerability the CVE identifier CVE-2024-27823 and patched all its XNU-based products against the attack.
title One (Thread) Can Keep a (PRNG) Secret, but not Two
topic Cryptography and Security
url https://arxiv.org/abs/2606.00918