The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced the identification of a significant security flaw targeting the iOS, iPadOS, macOS, tvOS, and watchOS platforms. This vulnerability has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, suggesting ongoing exploitation in the wild.
Labeled as CVE-2022-48618 with a high CVSS score of 7.8, the issue originates from a defect in the kernel component. According to Apple, this flaw could allow attackers with unauthorized read and write access to circumvent Pointer Authentication mechanisms, potentially impacting versions of iOS released prior to iOS 15.7.1.
Apple has acknowledged the flaw, stating that it was mitigated with enhanced verification processes, yet the specifics remain unclear regarding how this vulnerability has been exploited in actual attacks.
Interestingly, fixes for this vulnerability were released on December 13, 2022, as part of updates such as iOS 16.2 and macOS Ventura 13.1. However, the public disclosure did not occur until January 9, 2024, highlighting a lag in communication regarding critical cybersecurity information.
Furthermore, it is pertinent to mention that Apple previously addressed a similar kernel vulnerability, designated as CVE-2022-32844 with a CVSS score of 6.3, during the release of iOS 15.6 in July 2022. The relationship between these two vulnerabilities remains uncertain.
CISA has urged Federal Civilian Executive Branch (FCEB) agencies to implement the necessary patches by February 21, 2024, in response to the alarming exploitation of CVE-2022-48618. This recommendation underscores the urgency for organizations to prioritize cybersecurity hygiene and ensure their systems are updated against known vulnerabilities.
This development coincides with Apple’s proactive response to an actively exploited security issue in the WebKit browser engine, identified as CVE-2024-23222, which has a critical CVSS score of 8.8. Patches for this vulnerability have also been extended to their Apple Vision Pro headset, further demonstrating the breadth of Apple’s commitment to cybersecurity.
The exploit techniques associated with CVE-2022-48618 may involve initial access through various malware delivery methods, persistence through backdoor mechanisms, and privilege escalation to gain unauthorized control over affected devices. Such methods align with the MITRE ATT&CK framework, indicating a sophisticated understanding and execution of cyber-attack strategies among malicious actors.
As the cybersecurity landscape continues to evolve, business owners must remain vigilant and informed about such vulnerabilities to enhance their defenses against potential cyber threats.
