Apple has rushed out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild.
The vulnerabilities, credited to Google’s TAG (Threat Analysis Group), are being actively exploited on Intel-based macOS systems, Apple confirmed in an advisory released on Tuesday.
As is customary, Apple’s security response team did not provide any details on the reported attacks or indicators of compromise (IOCs) to help defenders hunt for signs of infections.
Raw details on the patched vulnerabilities:
- CVE-2024-44308 — JavaScriptCore — Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
- CVE-2024-44309 — WebKit — Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
The company urged users across the Apple ecosystem to apply the urgent iOS 18.1.1, macOS Sequoia 15.1.1 and the older iOS 17.7.2.
Related: Google Patches Critical Chrome Flaw Reported by Apple
Related: Apple Patches Over 70 Flaws Across iOS, macOS Devices
Related: Apple Opens Private Cloud Compute for Public Security Inspection
Related: Apple iOS 18.0.1 Patches Password Exposure and Audio Snippet Bugs
Advertisement. Scroll to continue reading.
Belgium
