Security News > 2024 > January > CISA warns of patched iPhone kernel bug now exploited in attacks
CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks.
Tracked as CVE-2022-48618 and discovered by Apple's security researchers, the bug was only disclosed on January 9th in an update to a security advisory published in December 2022.
While Apple has yet to share more details on CVE-2022-48618 active exploitation in the wild, CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog.
Last week, Apple also released security updates to patch this year's first zero-day bug exploited in attacks, a WebKit confusion issue that attackers could exploit to gain code execution on vulnerable iPhones, Macs, and Apple TVs. The same day, the company also backported patches to older iPhone and iPad models for two more WebKit zero-days tracked as CVE-2023-42916 and CVE-2023-42917 and patched in November for newer devices.
Apple fixes first zero-day bug exploited in attacks this year.
iPhone Triangulation attack abused undocumented hardware feature.
News URL
Related news
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2022-48618 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple products The issue was addressed with improved checks. | 7.0 |
| 2023-11-30 | CVE-2023-42917 | Out-of-bounds Write vulnerability in Apple products A memory corruption vulnerability was addressed with improved locking. | 8.8 |
| 2023-11-30 | CVE-2023-42916 | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 6.5 |