The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity vulnerability affecting iOS, iPadOS, macOS, tvOS, and watchOS. Tracked as CVE-2022-48618 with a CVSS score of 7.8, the flaw resides in the kernel component and allows an attacker with arbitrary read and write capabilities to potentially bypass Pointer Authentication. Apple addressed the issue with improved checks in versions released after iOS 15.7.1. Although patches were released on December 13, 2022, the vulnerability was only publicly disclosed on January 9, 2024. CISA recommends that Federal Civilian Executive Branch agencies apply the fixes by February 21, 2024. This follows Apple’s recent expansion of patches for an actively exploited WebKit flaw to include its Apple Vision Pro headset.