On December 13, 2022 [1] [4] [5], Apple addressed a high-severity vulnerability, known as CVE-2022-48618 [3] [4], in their kernel component [4]. This flaw allows attackers to bypass Pointer Authentication and affects various Apple operating systems.
Description
The vulnerability, with a CVSS score of 7.8 [4], was discovered in December 2022 and has been exploited in versions of iOS prior to 15.7.1. It poses a significant risk, potentially being exploited in older versions [1]. Apple released patches for this vulnerability in version 16.2 of iOS, iPadOS [1] [2] [3] [4], and tvOS [2] [3], as well as in macOS Venture 13.1 and watchOS 9.2 [2]. The US Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to apply the fixes by February 21, 2024. The public disclosure of this vulnerability occurred on January 9, 2024 [4] [5]. Currently, the real-world impact of this vulnerability is unknown. It is worth noting that Apple had previously addressed a similar flaw, CVE-2022-32844 [1], in iOS 15.6 and iPadOS 15.6 [1].
Conclusion
The release of patches by Apple for the CVE-2022-48618 vulnerability is a crucial step in mitigating the risk it poses. The timely application of these fixes by federal agencies, as mandated by CISA, is essential to ensure the security of Apple operating systems. However, the real-world impact of this vulnerability remains uncertain, highlighting the need for continued vigilance and monitoring. Apple’s previous addressing of a similar flaw demonstrates their commitment to addressing security vulnerabilities promptly.
References
[1] https://thehackernews.com/2024/02/cisa-warns-of-active-exploitation-of.html
[2] https://www.forbes.com/sites/daveywinder/2024/02/01/iphone-under-attack-us-government-issues-21-days-to-comply-warning/
[3] https://securityaffairs.com/158412/security/cisa-apple-bug-to-known-exploited-vulnerabilities-catalog.html
[4] https://www.redpacketsecurity.com/cisa-warns-of-active-exploitation-of-flaw-in-apple-ios-and-macos/
[5] https://sensorstechforum.com/cve-2022-48618-macos-ios/
