Apple has released emergency security updates to address two critical zero-day vulnerabilities that have been actively exploited on Intel-based Mac systems. These flaws, tracked as CVE-2024-44308 and CVE-2024-44309, impact multiple Apple platforms, including macOS, iOS, iPadOS, visionOS, and Safari.

Apple Patches Two Actively Exploited Zero-Day Vulnerabilities Technical Overview

CVE-2024-44308: JavaScriptCore Arbitrary Code Execution

  • Impact: Allows attackers to achieve remote code execution by processing maliciously crafted web content.
  • Resolution: Addressed with improved checks in macOS Sequoia 15.1.1 and other Apple operating systems.

CVE-2024-44309: WebKit Cross-Site Scripting (XSS)

  • Impact: Enables cross-site scripting attacks via malicious web content, potentially exposing sensitive user data.
  • Resolution: Mitigated through improved state management in updated Apple software versions.

Affected Devices and Operating Systems

Updates are available for the following:

  • macOS Sequoia 15.1.1: Intel-based Mac systems.
  • iOS 18.1.1 and iPadOS 18.1.1: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
  • iOS 17.7.2 and iPadOS 17.7.2: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
  • visionOS 2.1.1: Apple Vision Pro.
  • Safari 18.1.1: Macs running macOS Ventura and macOS Sonoma.

What We Suggest

Update Devices Immediately:

    • Install the latest versions of macOS, iOS, iPadOS, visionOS, and Safari.
      Ensure all impacted devices are updated to protect against potential exploits.

    Practice Safe Browsing:

    • Avoid clicking on unknown or untrusted links.
    • Be cautious when visiting unfamiliar websites.

    Monitor for Suspicious Activity

    • Regularly review security logs and monitor devices for unusual behavior.

    Educate Users:

    • Inform users about the importance of keeping devices updated and recognizing phishing attempts that may exploit such vulnerabilities.

    DIFEND WITH CONFIDENCE

    Know The Threats That Matter Right Now—Get Advisories Direct to Your Inbox

    Subscribe