Security News > 2024 > January > CISA warns of patched iPhone kernel bug now exploited in attacks
CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks.
Tracked as CVE-2022-48618 and discovered by Apple's security researchers, the bug was only disclosed on January 9th in an update to a security advisory published in December 2022.
While Apple has yet to share more details on CVE-2022-48618 active exploitation in the wild, CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog.
Last week, Apple also released security updates to patch this year's first zero-day bug exploited in attacks, a WebKit confusion issue that attackers could exploit to gain code execution on vulnerable iPhones, Macs, and Apple TVs. The same day, the company also backported patches to older iPhone and iPad models for two more WebKit zero-days tracked as CVE-2023-42916 and CVE-2023-42917 and patched in November for newer devices.
Apple fixes first zero-day bug exploited in attacks this year.
iPhone Triangulation attack abused undocumented hardware feature.
News URL
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-09 | CVE-2022-48618 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple products The issue was addressed with improved checks. | 7.0 |
2023-11-30 | CVE-2023-42917 | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability was addressed with improved locking. | 8.8 |
2023-11-30 | CVE-2023-42916 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read was addressed with improved input validation. | 6.5 |