Tom Foale

Apple OS VULNERABILITIES

22/11/24.

Apple has issued patches for two critical zero-day vulnerabilities actively exploited by threat actors. These flaws allow attackers to leverage malicious web content to execute arbitrary code and carry out cross-site scripting (XSS) attacks. Users are advised to update their devices promptly to mitigate potential risks.

The critical security patch includes updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser.

Details of the Vulnerabilities


  1. CVE-2024-44308 (CVSS score: 8.8): A flaw in JavaScriptCore that allows arbitrary code execution when processing malicious web content.

  2. CVE-2024-44309 (CVSS score: 6.1): A cookie management issue in WebKit that enables cross-site scripting (XSS) attacks when handling malicious web content.


Security Fixes

Apple has mitigated these vulnerabilities with enhanced checks for CVE-2024-44308 and improved state management for CVE-2024-44309. Although specific details of the exploitation remain unclear, Apple has confirmed that the flaws "may have been actively exploited on Intel-based Mac systems."

While Apple says both flaws were discovered by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group, the company has not provided further details on how they were exploited.

Affected Devices and Available Updates

The updates target a wide range of devices and operating systems:


  • iOS 18.1.1 and iPadOS 18.1.1: Compatible with iPhone XS and later models, iPad Pro (13-inch, 12.9-inch 3rd gen and later, 11-inch 1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), and iPad mini (5th gen and later).

  • iOS 17.7.2 and iPadOS 17.7.2: Compatible with iPhone XS and later models, iPad Pro (13-inch, 12.9-inch 2nd gen and later, 10.5-inch, 11-inch 1st gen and later), iPad Air (3rd gen and later), iPad (6th gen and later), and iPad mini (5th gen and later).

  • macOS Sequoia 15.1.1: For Macs running macOS Sequoia.

  • visionOS 2.1.1: For Apple Vision Pro.

  • Safari 18.1.1: Available for Macs running macOS Ventura and macOS Sonoma.


Recommendations

Users are strongly encouraged to update their devices promptly to protect against potential threats posed by these vulnerabilities.
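
To confirm that a managed fleet has reached the fixed releases listed above, an inventory export can be checked per release branch. The Python below is an added example, not part of the original post: the host names and inventory rows are constructed, and treating major versions newer than those listed as patched is an assumption.

```python
# Fixed releases from the article: platform -> {major: first fixed version}
FIXED = {
    "ios":      {17: (17, 7, 2), 18: (18, 1, 1)},
    "ipados":   {17: (17, 7, 2), 18: (18, 1, 1)},
    "macos":    {15: (15, 1, 1)},
    "visionos": {2: (2, 1, 1)},
}
SAFARI_FIXED = (18, 1, 1)  # Safari 18.1.1 for macOS Ventura (13) and Sonoma (14)

def parse(version):
    # "15.1" -> (15, 1, 0), so versions compare numerically as tuples
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def os_status(platform, version):
    branches = FIXED.get(platform.lower())
    if branches is None:
        return "unknown-platform"
    v = parse(version)
    if v[0] > max(branches):
        return "patched"        # assumption: newer majors carry the fix
    fixed = branches.get(v[0])
    if fixed is None:
        return "no-fix-listed"  # branch not covered by the listed updates
    return "patched" if v >= fixed else "update-required"

def audit(inventory):
    findings = []
    for host, platform, os_ver, safari_ver in inventory:
        if platform.lower() == "macos" and parse(os_ver)[0] in (13, 14):
            # The article lists a Safari update, not an OS update, for these
            if safari_ver is None:
                result = "safari-version-missing"
            else:
                result = "patched" if parse(safari_ver) >= SAFARI_FIXED else "update-safari"
        else:
            result = os_status(platform, os_ver)
        if result != "patched":
            findings.append((host, result))
    return findings

# Constructed inventory rows: (host, platform, OS version, Safari version or None)
INVENTORY = [
    ("mac-01", "macOS", "15.1", None),
    ("mac-03", "macOS", "14.7.1", "18.1"),
    ("mac-04", "macOS", "14.7.1", "18.1.1"),
    ("iphone-01", "iOS", "17.7.1", None),
    ("iphone-02", "iOS", "18.2", None),
    ("ipad-01", "iPadOS", "16.7.10", None),
]
```

`audit(INVENTORY)` returns only the devices that still need attention; a `no-fix-listed` result means the device is on a branch for which the article lists no fixed release.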
