CISA warns of patched iPhone kernel bug now exploited in attacks
2024-01-31 19:02

CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks.

Tracked as CVE-2022-48618 and discovered by Apple's security researchers, the bug was only disclosed on January 9th in an update to a security advisory published in December 2022.

While Apple has yet to share more details on the active exploitation of CVE-2022-48618 in the wild, CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog.

Last week, Apple also released security updates to patch this year's first zero-day bug exploited in attacks, a WebKit confusion issue that attackers could exploit to gain code execution on vulnerable iPhones, Macs, and Apple TVs. The same day, the company also backported patches to older iPhone and iPad models for two more WebKit zero-days tracked as CVE-2023-42916 and CVE-2023-42917 and patched in November for newer devices.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-patched-iphone-kernel-bug-now-exploited-in-attacks/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-01-09 | CVE-2022-48618 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple products | The issue was addressed with improved checks. | local | high | apple | CWE-367 | 7.0 |
| 2023-11-30 | CVE-2023-42917 | Out-of-bounds Write vulnerability in multiple products | A memory corruption vulnerability was addressed with improved locking. | network | low | apple, debian, fedoraproject, webkitgtk | CWE-787 | 8.8 |
| 2023-11-30 | CVE-2023-42916 | Out-of-bounds Read vulnerability in multiple products | An out-of-bounds read was addressed with improved input validation. | network | low | apple, fedoraproject, debian, webkitgtk | CWE-125 | 6.5 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Kernel | | 3 | 0 | 8 | 4 | 1 | 13 |