CISA warns of patched iPhone kernel bug now exploited in attacks

January 31, 2024 at 02:08PM

CISA warned of an actively exploited kernel security flaw in Apple iPhones, Macs, TVs, and watches (CVE-2022-48618) that allows attackers to bypass Pointer Authentication. Apple addressed the flaw in iOS 16.2, macOS Ventura, and others. Devices affected include iPhone 8 and later, iPads, Macs, Apple TVs, and Apple Watches. Federal agencies have been ordered to patch by February 21st.

Key Takeaways:

1. CISA has warned about an actively exploited security flaw, tracked as CVE-2022-48618, affecting Apple iPhones, Macs, TVs, and watches.
2. The flaw, discovered by Apple’s security researchers, was only disclosed in an update to a security advisory in December 2022, with no confirmation of whether it was patched more than two years ago.
3. This vulnerability allows attackers to bypass Pointer Authentication, impacting devices running iOS 15.7.1 and earlier, macOS Ventura and earlier, tvOS 16.2 and earlier, and watchOS 9.2 and earlier.
4. Federal agencies have been ordered to patch the bug by February 21st as per a binding operational directive (BOD 22-01) issued in November 2021.
5. Apple also released security updates to address a zero-day bug (CVE-2024-23222) and backported patches for two WebKit zero-days (CVE-2023-42916 and CVE-2023-42917) for older iPhone and iPad models.