News

CVE-2022-48618: Exploitation of Critical Flaws in Apple iOS and macOS

On Wednesday 1/31/24, the U.S. Cybersecurity and Infrastructure Security Agency added multiple iOS devices including macOS, iPhone, iPad, watchOS, tvOS, as affected devices to its list of devices compromised by a recent ongoing vulnerability called CVE-2022-48618.

What is CVE-2022-48618

CVE-2022-48618 is a recently discovered vulnerability. This flaw can be used by hackers to potentially steal data from Apple iOS-based devices. Meanwhile, the vulnerability has received 7.8 CVSS score which is actually considered very risky.

Further reports indicate that CVE-2022-48618 is related to kernel component bugs. The kernel is the central component of the operating system which means it has access to memory and other essential system resources. If hackers can find a vulnerability in Kernal, they can get access to OS, memory, and other important system resources.

Apple stated in an advisory that attackers with arbitrary read and write capabilities may bypass Pointer Authentication. Apple further mentioned that the CVE-2022-48618 vulnerability might have been exploited in iOS versions prior to iOS 15.7.1.

Its quite interesting that on December 13, 2022, Apple released patches for iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2. However, the critical Kernel vulnerability was not made public until January 9, 2024, almost a year later.

CVE-2022-48618

How This Hack Works:

Apple iOS uses Pointer authentication to restrict memory access with cryptographic signatures. This means, only authorized programs with the correct credentials can access it allocated memory. However, by bypassing pointer authentication hackers can install programs with malicious codes attached to them.

Well, the Kernal vulnerability is not new for iOS devices. Back in July 2022, a similar flaw called CVE-2022-32844 was patched by Apple.

No matter how advanced and safe the device you are using, hackers will eventually find a way in. Such an incident is a reminder of how vulnerable our digital world is. Therefore, we should always practice caution and constant vigilance. It is crucial to keep your devices updated and to keep necessary security features active.

About the author

admin

Leave a Comment