February 1, 2024 at 12:32AM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity flaw affecting Apple operating systems to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2022-48618, the bug could allow an attacker to bypass Pointer Authentication. Apple addressed the issue with improved checks, and CISA recommends applying fixes by February 21, 2024.
Key takeaways:
1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw impacting various Apple operating systems to its Known Exploited Vulnerabilities (KEV) catalog.
2. The vulnerability, tracked as CVE-2022-48618, concerns a bug in the kernel component, with a CVSS score of 7.8.
3. The flaw allows an attacker with arbitrary read and write capability to bypass Pointer Authentication.
4. Apple released patches for the flaw in December 2022, but it was publicly disclosed more than a year later, in January 2024.
5. CISA is recommending that Federal Civilian Executive Branch (FCEB) agencies apply the fixes by February 21, 2024, due to active exploitation of the vulnerability.
6. Apple also expanded patches for an actively exploited security flaw in the WebKit browser engine to include its Apple Vision Pro headset, with the fix available in visionOS 1.0.2.