[CDP-development] TLP:GREEN (Vulnerability Alert Notification) CVE-2022-48618: Apple Multiple Products Improper Authentication Vulnerability

CSS Security Operations Services * DAS css-soc-services at das.oregon.gov
Wed Jan 31 10:10:24 PST 2024


Good morning,

The SOC Services team is reporting on the vulnerability: CVE-2022-48618: Apple Multiple Products Improper Authentication Vulnerability. Due to its high visibility and knowledge of the software installed in the state environment, we are providing this in-depth information:

History: On January 31, 2024, CISA added CVE-2022-48618 to the Known Exploited Vulnerabilities Catalog. CVE-2022-48618 has been assigned a CVSS score of 7.8.

Affected Products:

  *   iPhone 8 and later
  *   iPad Pro (all models)
  *   iPad Air 3rd generation and later
  *   iPad 5th generation and later
  *   iPad mini 5th generation and later
  *   macOS Ventura
  *   Apple TV 4K
  *   Apple TV 4K (2nd generation and later)
  *   Apple TV HD
  *   Apple Watch Series 4 and later

Fixed versions:

  *   iOS 16.2 and later
  *   iPadOS 16.2 and later
  *   macOS Ventura 13.1 and later
  *   tvOS 16.2 and later
  *   watchOS 9.2 and later

Security notifications from Apple can be found below.
https://support.apple.com/en-us/HT213530
https://support.apple.com/en-us/HT213532
https://support.apple.com/en-us/HT213535
https://support.apple.com/en-us/HT213536

Intelligence: As of January 31, 2024, the vulnerability has been confirmed as being exploited in the wild. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.

Workarounds: There are no workarounds for this vulnerability.

How it works: Apple has not released any information as to how this vulnerability has been exploited.

Post-Exploit: Upon successful exploitation of the vulnerability, an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

The following vulnerability plugins have been released and are currently in Tenable Security Center:
Plugin | Title | Severity
169649 <https://www.tenable.com/plugins/nessus/169649> | Apple TV < 16.2 Multiple Vulnerabilities (HT213535) | Critical
168872 <https://www.tenable.com/plugins/nessus/168872> | Apple iOS < 16.2 Multiple Vulnerabilities (HT213530) | Critical
168697 <https://www.tenable.com/plugins/nessus/168697> | macOS 13.x < 13.1 Multiple Vulnerabilities (HT213532) | Critical

Additional Resources: The InTune team has provided the attached documents, which can be tailored to your needs. They provide answers to frequently asked questions about iOS updates from the perspective of both technicians and users, as well as the update process.

Recommended Actions:


  *   Ensure mobile devices are charged to 50% and are plugged into a charger.
  *   Verify host has not been compromised before applying patches.
  *   Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
  *   Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services.


Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378
"Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians."


-------------- next part --------------
A non-text attachment was scrubbed...
Name: Apple_OS_Updates_Process.pdf
Type: application/pdf
Size: 280576 bytes
Desc: Apple_OS_Updates_Process.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20240131/9f39487f/attachment-0003.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iOS Updates_FAQ_Tech.pdf
Type: application/pdf
Size: 198174 bytes
Desc: iOS Updates_FAQ_Tech.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20240131/9f39487f/attachment-0004.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iOS Updates_FAQ_User.pdf
Type: application/pdf
Size: 189456 bytes
Desc: iOS Updates_FAQ_User.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20240131/9f39487f/attachment-0005.pdf>
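
Added example (not part of the original alert or any SOC or Intune tooling): a triage of a device inventory against the "Fixed versions" list and the "before iOS 15.7.1" intelligence note above. The CSV column names, the status labels and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# First fixed release per platform, as listed under "Fixed versions" in the alert.
FIXED = {"ios": (16, 2), "ipados": (16, 2), "macos": (13, 1),
         "tvos": (16, 2), "watchos": (9, 2)}
# The alert's intelligence note: reported exploitation was before iOS 15.7.1.
IOS_EXPLOITED_BEFORE = (15, 7, 1)

# Constructed sample data; the column names are assumptions, not a real export format.
SAMPLE_INVENTORY = """hostname,platform,os_version
phone-01,iOS,15.6.1
phone-02,iOS,16.1.2
phone-03,iOS,16.10
tablet-01,iPadOS,16.2
mac-01,macOS,13.0.1
mac-02,macOS,12.6.2
watch-01,watchOS,9.1
tv-01,tvOS,sixteen
"""

def parse_version(text):
    """Return '16.1.2' as (16, 1, 2), or None if it is not a dotted number."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def older(a, b):
    """Numeric compare, zero-padded, so 16.2 == 16.2.0 and 16.10 is newer than 16.2."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def classify(platform, version):
    plat, ver = platform.strip().lower(), parse_version(version)
    if plat not in FIXED or ver is None:
        return "review"                  # unknown platform or unparseable version
    if plat == "macos" and ver[0] < 13:
        return "not-listed"              # the alert covers macOS Ventura (13.x) only
    if not older(ver, FIXED[plat]):
        return "patched"
    if plat == "ios" and older(ver, IOS_EXPLOITED_BEFORE):
        return "vulnerable-priority"     # in the range reported as exploited
    return "vulnerable"

def triage(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: classify(r["platform"], r["os_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Rows marked "review" or "not-listed" need a manual check, since this alert's version list does not say anything about them.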

