Apple iOS and macOS vulnerability from 2022 actively exploited

published: Feb. 2, 2024

Take action: This is an older patch, but there are still a lot of iOS and macOS devices that haven't been updated. Don't become another target. It's simple to update.


The Cybersecurity and Infrastructure Security Agency (CISA) is reporting active attacks exploiting a flaw in Apple's iOS and macOS systems, tracked as CVE-2022-48618 (CVSS score 7.8). This vulnerability allows attackers to circumvent Pointer Authentication, thereby obtaining unauthorized read and write privileges on the affected systems.

The agency has called for immediate action from users to secure their devices against potential exploitation.

Impacted systems include:

  • macOS Ventura up to version 13.1,
  • watchOS before version 9.2,
  • iOS and iPadOS before version 16.2,
  • tvOS before version 16.2.

Apple has already released patches to mitigate the issue through software updates, such as iOS 16.2 and macOS Ventura 13.1, incorporating additional security measures to protect against exploitation.

CISA has mandated that all U.S. federal agencies apply the necessary fixes by February 21, under Binding Operational Directive BOD 22-01, issued in November 2021, underscoring the critical need for vigilance and timely updates to safeguard against such vulnerabilities.
