Another serious security vulnerability has affected iOS and macOS devices, so update now
A very serious flaw has been observed being exploited in the wild on several Mac devices, and users are advised to apply the patch, which has been available for a while, as soon as possible.
The warning came from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its list of Known Exploited Vulnerabilities (KEV), meaning hackers were exploiting it.
The flaw in question is tracked as CVE-2022-48618 and has a severity score of 7.8. It is described as a kernel component bug that affects iOS, iPadOS, macOS, tvOS and watchOS devices.
Danger to the government
“An attacker with arbitrary read and write capabilities could potentially bypass Pointer Authentication,” Apple says of the bug in its security advisory. The issue “may have been exploited against versions of iOS released before iOS 15.7.1.”
As is common with these vulnerabilities, Apple has addressed this with improved checks. At this point, we don’t know who the threat actors are, or how they weaponized the vulnerability. It is also unknown whether the flaw was used to exfiltrate data, deploy malware or even ransomware.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA explained, sounding the alarm for government companies that are popular targets among cybercriminals.
According to The Hacker News, Apple fixed this bug a long time ago, on December 13, 2022, when it pushed iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2. However, it only informed the public in early January this year. The same publication also stated that Apple had already resolved a similar issue in July 2022: CVE-2022-32844 (CVSS score 6.3).