CISA Warns of Active Exploitation of Flaw in Apple iOS and macOS
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component.
“An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication,” Apple said in an advisory, adding the issue “may have been exploited against versions of iOS released before iOS 15.7.1.”
The iPhone maker said the problem was addressed with improved checks. It’s currently not known how the vulnerability is being weaponized in real-world attacks.
Interestingly, patches for the flaw were released on December 13, 2022, with the release of iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2, although it was only publicly disclosed more than a year later on January 9, 2024.
It’s worth noting that Apple did resolve a similar flaw in the kernel (CVE-2022-32844, CVSS score: 6.3) in iOS 15.6 and iPadOS 15.6, which was shipped on July 20, 2022.
“An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication,” the company said at the time. “A logic issue was addressed with improved state management.”
In light of the active exploitation of CVE-2022-48618, CISA is recommending that Federal Civilian Executive Branch (FCEB) agencies apply the fixes by February 21, 2024.
The development also comes as Apple expanded patches for an actively exploited security flaw in the WebKit browser engine (CVE-2024-23222, CVSS score: 8.8) to include its Apple Vision Pro headset. The fix is available in visionOS 1.0.2.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.