CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks.
The company has yet to reveal if the vulnerability was also silently patched more than two years ago when the advisory was first issued.
“An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication,” the company revealed this month.
“Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.”
This improper authentication security vulnerability enables attackers to bypass Pointer Authentication, a security feature designed to block attacks trying to exploit memory corruption bugs.
Apple addressed the flaw with improved checks on devices running iOS 16.2 or later, iPadOS 16.2 or later, macOS Ventura or newer, tvOS 16.2 or higher, and watchOS 9.2 or later.
The list of devices impacted by this actively exploited flaw is quite extensive and it affects both older and newer models, including:
- iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Macs running macOS Ventura
- Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD
- and Apple Watch Series 4 and later
Federal agencies ordered to patch by February 21st
It also ordered U.S. federal agencies to patch the bug by February 21st, as required by a binding operational directive (BOD 22-01) issued in November 2021.
Last week, Apple also released security updates to patch this year’s first zero-day bug (CVE-2024-23222) exploited in attacks, a WebKit confusion issue that attackers could exploit to gain code execution on vulnerable iPhones, Macs, and Apple TVs.