The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently identified a critical security flaw affecting various Apple devices, including iPhones, iPads, Macs, Apple TVs, and Apple Watches. The flaw, tracked as CVE-2022-48618 with a severity score of 7.8, resides in the devices’ kernel component and allows attackers with specific capabilities to bypass the security mechanism known as Pointer Authentication. Apple has acknowledged that the vulnerability might have been actively exploited against versions of iOS earlier than 15.7.1.
To address the issue, Apple released patches in updates to its operating systems on December 13, 2022, though the vulnerability was only disclosed to the public in January 2024. This is not the first time Apple has dealt with such a kernel flaw; a similar issue was fixed in July 2022.
In response to the exploitation of CVE-2022-48618, CISA has advised Federal Civilian Executive Branch agencies to apply the necessary updates by February 21, 2024. Apple has also updated its Apple Vision Pro headset to patch another exploited security flaw, this one in the WebKit browser engine, highlighting the company’s ongoing efforts to protect its devices against security threats.