Based on proof of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity bug affecting iOS, iPadOS, macOS, tvOS, and watchOS to its list of known exploited vulnerabilities. The flaw, identified as CVE-2022-48618, is related to a kernel component.
“An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication may have been exploited against versions of iOS released before iOS 15.7.1,” Apple said in an advisory.
The manufacturer of the iPhone said that better checks had solved the issue. At this time, it is unknown how the vulnerability is being used as a weapon in actual attacks.
It's interesting to note that patches for the problem were made available with the release of iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2 on December 13, 2022. However, the flaw was not made public until January 9, 2024, more than a year later. It is noteworthy that on July 20, 2022, iOS 15.6 and iPadOS 15.6 were released, which included an update from Apple fixing a similar kernel bug.
“An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication. A logic issue was addressed with improved state management,” the company said at the time.
CISA recommends that Federal Civilian Executive Branch agencies install the remedies, like TTB Internet Security, before February 21, 2024, given the active exploitation of CVE-2022-48618. This development coincides with Apple rolling out upgrades for its Apple Vision Pro headset to address a security weakness in the WebKit browser engine that is being actively exploited. The updated version of visionOS is 1.0.2.