CISA Warning: Old iPhone vulnerability is being actively exploited

2024-02-01 17:23:00

The cyber security agency CISA is warning of an old kernel vulnerability in Apple operating systems for which a patch is already available. There are indications that the vulnerability is being actively exploited, the agency has now announced. It has therefore added the bug to its catalog of “Known Exploited Vulnerabilities”, which means that US authorities are now required to patch their devices, or to stop using them if updates are no longer available for them.

The vulnerability, tracked as CVE-2022-48618 and classified as severe, allows an attacker with extended read and write rights to bypass the Pointer Authentication security mechanism, as Apple recently announced. The bug has been fixed through improved checks. The company apparently discovered the error itself.

The vulnerability was already fixed in December 2022 with the updates iOS 16.2, iPadOS 16.2, macOS 13.1, watchOS 9.2 and tvOS 16.2. However, Apple did not add the corresponding entry to its security information until the beginning of January 2024, where it also pointed out that the vulnerability “may have been exploited for iOS versions that were released before iOS 15.7.1”. Although Apple still delivers updates for iOS 15 sporadically, a patch for CVE-2022-48618 is not documented there, so it remains unclear whether the vulnerability is still open in that version.

Although Apple continues to provide older operating systems with security updates, all known vulnerabilities are only eliminated in the very latest version, currently iOS 17 and macOS 14 Sonoma. Once popular iPhone series such as the iPhone 6s and iPhone 7 only run on iOS 15 at most, and iPads such as the iPad Air 2 cannot be updated to iPadOS 16 or newer.

(lbe)
