Apple has issued emergency updates to address two actively exploited zero-day vulnerabilities affecting Intel-based Mac systems. The flaws, CVE-2024-44308 and CVE-2024-44309, were found in the macOS Sequoia JavaScriptCore and WebKit components, enabling remote code execution and cross-site scripting attacks, respectively, through maliciously crafted web content.
The issues were resolved in macOS Sequoia 15.1.1, with similar fixes applied to iOS 17.7.2, iPadOS 17.7.2, iOS 18.1.1, iPadOS 18.1.1, and visionOS 2.1.1, as the affected components are shared across these systems. While Apple credited researchers from Google’s Threat Analysis Group for discovering the flaws, it has not disclosed further details about the exploitation methods.
These patches bring the number of zero-day vulnerabilities Apple has fixed in 2024 to six, a significant reduction compared to the 20 zero-day vulnerabilities addressed in 2023. Users are strongly advised to update their devices to the latest software versions to mitigate potential risks.