One (Thread) Can Keep a (PRNG) Secret, but not Two

📅 2026-05-30
📈 Citations: 0
Influential: 0

🤖 AI Summary
This work uncovers a vulnerability in the IPv6 fragment identification (ID) generation algorithm of the XNU kernel: a multi-threaded race condition undermines the intended randomness, enabling remote attackers to predict fragment IDs and mount IPv6 fragment spoofing attacks. We introduce, for the first time, a race-condition-based cryptanalytic technique that recovers the internal state of the pseudo-random number generator (PRNG), thereby violating conventional PRNG security assumptions. By combining this capability with a deep understanding of protocol semantics, we demonstrate practical UDP and TCP payload manipulation. The attack is demonstrated against remote NFS and HTTP services, prompting Apple to assign CVE-2024-27823 and deploy comprehensive fixes. This study exposes a novel attack surface in concurrent random number generation, with critical implications for kernel-level network security.
📝 Abstract
We present a novel, practical attack on the IPv6 Fragment ID generation algorithm of XNU, which is the kernel used by Apple products such as macOS and iOS. This attack exploits a race-condition vulnerability in the algorithm's pseudorandom number generator (PRNG) to cryptanalytically break the generator, learn its internal state, and consequently predict fragment IDs, which, in turn, facilitates an IPv6 fragment spoofing attack. As far as we know, this is the first cryptanalytic attack that is based on exploiting race conditions. With fragment spoofing, it is possible to partially manipulate UDP datagrams and TCP segments. We showcase a new type of attack on NFS (UDP) where an off-path attacker modifies a file as it is written, and an attack on HTTP (TCP) where an off-path attacker modifies an HTTP request. Apple assigned this vulnerability the CVE identifier CVE-2024-27823 and patched all its XNU-based products against the attack.
Problem

Research questions and friction points this paper is trying to address.

IPv6 Fragment ID
PRNG
race condition
fragment spoofing
off-path attack
Innovation

Methods, ideas, or system contributions that make the work stand out.

race condition
PRNG cryptanalysis
IPv6 fragment spoofing
off-path attack
XNU kernel