Apple Products Pointer Authentication Bypass Vulnerability

A vulnerability allowing an attacker with arbitrary read and write capabilities to bypass Pointer Authentication has been identified in multiple Apple products, including iOS, iPadOS, macOS Ventura, tvOS, and watchOS. This vulnerability arises from a time-of-check/time-of-use (TOCTOU) memory corruption issue. Apple is aware of reports suggesting that this vulnerability may have been exploited in earlier iOS versions before iOS 15.7.1.

Impact

Exploitation of this vulnerability could lead to a bypass of Pointer Authentication, potentially allowing for unauthorized memory manipulation or code execution.

Remediation

Users can update to the latest versions of the affected operating systems. The vulnerability is fixed in iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2.