{"id":1127566,"date":"2024-02-01T03:53:24","date_gmt":"2024-02-01T05:53:24","guid":{"rendered":"https:\/\/teknomers.com\/fr\/cisa-met-en-garde-contre-lexploitation-active-dune-vulnerabilite-critique-dans-ios-ipados-et-macos\/"},"modified":"2024-02-01T03:53:28","modified_gmt":"2024-02-01T05:53:28","slug":"cisa-met-en-garde-contre-lexploitation-active-dune-vulnerabilite-critique-dans-ios-ipados-et-macos","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/cisa-met-en-garde-contre-lexploitation-active-dune-vulnerabilite-critique-dans-ios-ipados-et-macos\/","title":{"rendered":"CISA met en garde contre l&#8217;exploitation active d&#8217;une vuln\u00e9rabilit\u00e9 critique dans iOS, iPadOS et macOS"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">01 f\u00e9vrier 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9\/Mise \u00e0 jour logicielle<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/02\/CISA-met-en-garde-contre-lexploitation-active-dune-vulnerabilite-critique.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a publi\u00e9 mercredi <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/01\/31\/cisa-adds-one-known-exploited-vulnerability-catalog\" target=\"_blank\">ajout\u00e9e<\/a> une faille de haute gravit\u00e9 impactant iOS, iPadOS, macOS, tvOS et watchOS en raison de ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (<a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">KEV<\/a>), fond\u00e9 sur des preuves d&#8217;exploitation active.<\/p>\n<p>La vuln\u00e9rabilit\u00e9, suivie comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-48618\" target=\"_blank\">CVE-2022-48618<\/a> (score CVSS : 7,8), concerne un bug dans le composant noyau.<\/p>\n<p>&#8220;Un attaquant dot\u00e9 de capacit\u00e9s de lecture et d&#8217;\u00e9criture arbitraires pourrait \u00eatre en mesure de contourner l&#8217;authentification par pointeur&#8221;, a d\u00e9clar\u00e9 Apple dans un avis, ajoutant que le probl\u00e8me &#8220;pourrait avoir \u00e9t\u00e9 exploit\u00e9 contre des versions d&#8217;iOS publi\u00e9es avant iOS 15.7.1&#8221;.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/tl_d1\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/Les-attaques-DDoS-contre-le-secteur-des-services-environnementaux-augmentent.gif\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Le fabricant de l&#8217;iPhone a d\u00e9clar\u00e9 que le probl\u00e8me avait \u00e9t\u00e9 r\u00e9solu par des contr\u00f4les am\u00e9lior\u00e9s.  On ne sait pas actuellement comment cette vuln\u00e9rabilit\u00e9 est exploit\u00e9e dans des attaques r\u00e9elles.<\/p>\n<p>Fait int\u00e9ressant, des correctifs pour la faille ont \u00e9t\u00e9 publi\u00e9s le 13 d\u00e9cembre 2022 avec la sortie de <a rel=\"nofollow noopener\" href=\"https:\/\/support.apple.com\/en-us\/HT213530\" target=\"_blank\">iOS 16.2, iPadOS 16.2<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/support.apple.com\/en-us\/HT213532\" target=\"_blank\">macOS Ventura 13.1<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/support.apple.com\/en-us\/HT213535\" target=\"_blank\">tvOS 16.2<\/a>et <a rel=\"nofollow noopener\" href=\"https:\/\/support.apple.com\/en-us\/HT213536\" target=\"_blank\">montreOS 9.2<\/a>bien qu&#8217;il n&#8217;ait \u00e9t\u00e9 rendu public que plus d&#8217;un an plus tard, le 9 janvier 2024.<\/p>\n<p>Il convient de noter qu&#8217;Apple a r\u00e9solu une faille similaire dans le noyau (<a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-32844\" target=\"_blank\">CVE-2022-32844<\/a>score CVSS : 6,3) dans iOS 15.6 et iPadOS 15.6, livr\u00e9s le 20 juillet 2022.<\/p>\n<p>&#8220;Une application dot\u00e9e d&#8217;une capacit\u00e9 de lecture et d&#8217;\u00e9criture arbitraire du noyau peut \u00eatre capable de contourner l&#8217;authentification par pointeur&#8221;, avait d\u00e9clar\u00e9 la soci\u00e9t\u00e9 \u00e0 l&#8217;\u00e9poque.  &#8220;Un probl\u00e8me de logique a \u00e9t\u00e9 r\u00e9solu gr\u00e2ce \u00e0 une gestion am\u00e9lior\u00e9e de l&#8217;\u00e9tat.&#8221;<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/3UvK59NV\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/Nouveau-JinxLoader-ciblant-les-utilisateurs-avec-les-logiciels-malveillants-Formbook.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>\u00c0 la lumi\u00e8re de l\u2019exploitation active du CVE-2022-48618, la CISA recommande aux agences du pouvoir ex\u00e9cutif civil f\u00e9d\u00e9ral (FCEB) d\u2019appliquer les correctifs d\u2019ici le 21 f\u00e9vrier 2024.<\/p>\n<p>Le d\u00e9veloppement intervient \u00e9galement alors qu&#8217;Apple a \u00e9tendu les correctifs pour une faille de s\u00e9curit\u00e9 activement exploit\u00e9e dans le moteur du navigateur WebKit (<a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-23222\" target=\"_blank\">CVE-2024-23222<\/a>, score CVSS : 8,8) pour inclure son casque Apple Vision Pro.  Le correctif est disponible dans <a rel=\"nofollow noopener\" href=\"https:\/\/support.apple.com\/en-us\/HT214070\" target=\"_blank\">visionOS 1.0.2<\/a>.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/02\/cisa-warns-of-active-exploitation-of.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80201 f\u00e9vrier 2024\ue804R\u00e9dactionVuln\u00e9rabilit\u00e9\/Mise \u00e0 jour logicielle L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a publi\u00e9 mercredi ajout\u00e9e une faille de haute gravit\u00e9 impactant iOS, iPadOS, macOS, tvOS et watchOS en raison de ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (KEV), fond\u00e9 sur des preuves d&#8217;exploitation active. La vuln\u00e9rabilit\u00e9, suivie comme CVE-2022-48618 (score CVSS : 7,8), [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1127567,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[9261,200292,4805,4168,841,22,4165,4161,200267,429,1326,525,22006,89445,4159,4171,14592,200271,34503,4955,200268,200269,200270,128318,4172,4169,4166,3667,4164],"class_list":["post-1127566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-active","tag-actualites-sur-la-cybersecurite","tag-cisa","tag-comment-pirater","tag-contre","tag-critique","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-dans","tag-dune","tag-garde","tag-ios","tag-ipados","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-lexploitation","tag-logiciel-malveillant-rancongiciel","tag-macos","tag-met","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1127566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1127566"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1127566\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1127567"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1127566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1127566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1127566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}