PT-2025-16878 · Apple · tvOS +6
Published: 2024-04-16 · Updated: 2025-09-12 · CVE-2025-31201
Score: 7.5 (High)
Base vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
tvOS versions prior to 18.4.1
visionOS versions prior to 2.4.1
iOS versions prior to 18.4.1
iPadOS versions prior to 18.4.1
macOS Sequoia versions prior to 15.4.1
Description:
This issue was addressed by removing the vulnerable code. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. The vulnerability is related to the Reconfigurable Processing Architecture Core (RPAC), a hardware component in newer Apple Silicon chips, and allows attackers to bypass Apple's Pointer Authentication Code (PAC).
Recommendations:
For tvOS versions prior to 18.4.1, update to tvOS 18.4.1 to fix the issue.
For visionOS versions prior to 2.4.1, update to visionOS 2.4.1 to fix the issue.
For iOS versions prior to 18.4.1, update to iOS 18.4.1 to fix the issue.
For iPadOS versions prior to 18.4.1, update to iPadOS 18.4.1 to fix the issue.
For macOS Sequoia versions prior to 15.4.1, update to macOS Sequoia 15.4.1 to fix the issue.
Fix
Memory Corruption
References · 116
- https://bdu.fstec.ru/vul/2025-04973 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-31201 · Security Note
- https://support.apple.com/en-us/122402 · Security Note, Vendor Advisory
- https://support.apple.com/en-us/122400 · Security Note, Vendor Advisory
- https://support.apple.com/en-us/122401 · Security Note, Vendor Advisory
- https://support.apple.com/en-us/122282 · Security Note, Vendor Advisory
- https://twitter.com/matrosov/status/1914128313842647322 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1k29ss2/top_10_trending_cves_18042025 · Reddit Post
- https://t.me/cvetracker/21792 · Telegram Post
- https://twitter.com/minacris_/status/1918924800606556162 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1k4gvcl/top_10_trending_cves_21042025 · Reddit Post
- https://twitter.com/xvonfers/status/1912561166464827854 · Twitter Post
- https://twitter.com/transilienceai/status/1913561457918099576 · Twitter Post
- https://twitter.com/AskPerplexity/status/1912656999487004738 · Twitter Post
- https://twitter.com/socradar/status/1912796928087326725 · Twitter Post