Apple iOS and macOS Vulnerability

CISA Warns Against Active Exploitation Apple iOS and macOS Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw affecting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploit Vulnerabilities (KEV) catalog based on evidence of active exploitation.

The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), relates to a bug in the kernel component.
An attacker with arbitrary read and write capabilities could bypass Pointer Authentication," Apple said in an advisory, adding that the issue "may have been exploited against versions of iOS released prior to iOS 15.7.1."


The iPhone maker said the issue was resolved with improved controls. It is currently unknown how this vulnerability is weaponized in real-world attacks.

Interestingly, patches for the flaw were released on December 13, 2022, with the release of iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2, but were not publicly released more than a year later on January 9. 2024.

It is worth noting that Apple has resolved a similar flaw (CVE-2022-32844, CVSS score: 6.3) in the kernel in iOS 15.6 and iPadOS 15.6 shipped on July 20, 2022. relating to.

An application with arbitrary kernel read and write capability can bypass Pointer Authentication,” the company said at the time. "A logic issue was fixed by improving state management."

In light of the active use of CVE-2022-48618, CISA recommends that Federal Civilian Executive Branch (FCEB) agencies implement fixes by February 21, 2024.

This development also comes as Apple has expanded patches for an actively exploited vulnerability in the WebKit browser engine ( CVE-2024-23222 , CVSS score: 8.8) to include the Apple Vision Pro headset. The fix is available in VisionOS 1.0.2.

Please do not click on links that you do not trust or are unsure of. Stay safe.