The Cybersecurity and Infrastructure Security Agency (CISA) has warned of an actively exploited kernel security flaw affecting a range of Apple devices. The vulnerability, tracked as CVE-2022-48618, was discovered by Apple's security team and disclosed on January 9th, though it remains unclear whether the flaw was silently patched when the advisory was first issued over two years ago.
The flaw allows an attacker with arbitrary read and write capability to bypass Pointer Authentication, a security measure aimed at preventing attacks exploiting memory corruption bugs. Apple stated, 'An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.'
This improper authentication vulnerability permits adversaries to circumvent Pointer Authentication. Apple has addressed this issue with enhanced checks on devices running iOS 16.2 or later, iPadOS 16.2 or later, macOS Ventura or newer, tvOS 16.2 or higher, and watchOS 9.2 or later. The flaw impacts an extensive list of devices, both old and new.
While Apple has not provided further details on the active exploitation of CVE-2022-48618, CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog. It has also required U.S. federal agencies to patch the bug by February 21st, pursuant to a binding operational directive (BOD 22-01) issued in November 2021.
Last week, Apple released security updates to address this year's first zero-day bug, CVE-2024-23222, which is being exploited in attacks. This WebKit confusion issue could be exploited by attackers to execute code on vulnerable iPhones, Macs, and Apple TVs. On the same day, Apple also provided patches for older iPhone and iPad models for two additional WebKit zero-days, CVE-2023-42916 and CVE-2023-42917, which were patched in November for newer devices.