Security News > 2024 > January > CISA warns of patched iPhone kernel bug now exploited in attacks

CISA warns of patched iPhone kernel bug now exploited in attacks
2024-01-31 19:02

CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks.

Tracked as CVE-2022-48618 and discovered by Apple's security researchers, the bug was only disclosed on January 9th in an update to a security advisory published in December 2022.

While Apple has yet to share more details on CVE-2022-48618 active exploitation in the wild, CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog.

Last week, Apple also released security updates to patch this year's first zero-day bug exploited in attacks, a WebKit confusion issue that attackers could exploit to gain code execution on vulnerable iPhones, Macs, and Apple TVs. The same day, the company also backported patches to older iPhone and iPad models for two more WebKit zero-days tracked as CVE-2023-42916 and CVE-2023-42917 and patched in November for newer devices.

Apple fixes first zero-day bug exploited in attacks this year.

iPhone Triangulation attack abused undocumented hardware feature.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-patched-iphone-kernel-bug-now-exploited-in-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2022-48618 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple products
The issue was addressed with improved checks.
local
high complexity
apple CWE-367
7.0
2023-11-30 CVE-2023-42917 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability was addressed with improved locking.
network
low complexity
apple debian fedoraproject webkitgtk CWE-787
8.8
2023-11-30 CVE-2023-42916 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read was addressed with improved input validation.
network
low complexity
apple fedoraproject debian webkitgtk CWE-125
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kernel 3 0 7 4 1 12