Another high severity security flaw has hit iOS and macOS devices - so update now
CISA warns flaw is already being abused in the wild
A high-severity flaw found in different Mac devices has been observed being abused in the wild, with users advised to apply the patch, which has been available for some time now, as soon as possible.
The warning was shared by the U.S. Cybersecurity and Infrastructure Agency (CISA) as it added the flaw to its list of Known Exploited Vulnerabilities (KEV), meaning it spotted hackers using it.
The flaw in question is tracked as CVE-2022-48618, and carries a severity score of 7.8. It is described as a bug in the kernel component, affecting iOS, iPadOS, macOS, tvOS, and watchOS devices.
Danger to the government
“An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication,” Apple explained the bug in its security advisory. The problem “may have been exploited against versions of iOS released before iOS 15.7.1.”
As is almost common practice with these vulnerabilities, Apple fixed it with improved checks. At the moment, we don’t know who the threat actors are, or how they weaponized the vulnerability. It is also unknown if the flaw was used to exfiltrate data, deploy malware, or even ransomware.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA explained, sounding the alarm for government firms who are popular targets among cybercriminals.
According to The Hacker News, Apple fixed this flaw a long time ago - on December 13, 2022, back when it pushed iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2. However, it only notified the public in early January this year. The same publication also said that Apple already fixed a similar issue, back in July 2022 - CVE-2022-32844 (CVSS score 6.3).
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.