DayFR Euro

There is urgency for Apple's operating systems

Apple has released iOS 18.1.1, iPadOS 18.1.1, macOS Sequoia 15.1.1 and visionOS 2.1.1, as well as iOS 17.7.2, iPadOS 17.7.2 and the Safari 18.1 browser for macOS Ventura and macOS Sonoma. These updates are dedicated to fixing security vulnerabilities.

The updates are being published urgently because the two flaws they fix are being actively exploited in attacks. They affect JavaScriptCore and WebKit.

In its security advisory, Apple mentions the possibility of arbitrary code execution through the processing of malicious web content, and of a cross-site scripting (XSS; indirect code injection) attack linked to a problem in cookie management.

A hint about the nature of the attacks

Tracked as CVE-2024-44308 and CVE-2024-44309, the two 0-day vulnerabilities were reported to Apple by security researchers at Google's Threat Analysis Group (TAG). In the absence of further details for the moment, this is already a clue as to the nature of the active exploitation.

The TAG's primary mission is to track actors involved in information operations, government-backed attacks and financially motivated abuses. Of particular interest are the activities of commercial spyware providers.

A notable point is that the reports of exploitation concern Intel-based Mac computers. That said, the fixes should not be neglected on any of the systems mentioned by Apple.

Fewer 0-day vulnerabilities than in 2023

More information about the vulnerabilities and the attacks will likely come later, once the patches have been installed widely enough by users.

According to a tally kept by BleepingComputer, Apple has fixed six 0-day vulnerabilities since the start of 2024. So far, this total is better than last year's, when around twenty 0-day vulnerabilities were exploited in the wild.
