Apple Rushes to Patch Two Zero-Day Exploits Targeting Intel-Based Macs
Apple has released emergency security updates to patch two actively exploited zero-day vulnerabilities targeting Intel-based macOS systems. The vulnerabilities affect the JavaScriptCore and WebKit components, both of which are critical to macOS and other Apple operating systems.
Details of the Vulnerabilities
CVE-2024-44308 (JavaScriptCore)
- Impact: Remote Code Execution (RCE).
- Description: Allows attackers to execute arbitrary code through maliciously crafted web content.
- Component: JavaScriptCore, a fundamental part of macOS used to process JavaScript in Safari and other Apple applications.
CVE-2024-44309 (WebKit)
- Impact: Cross-Site Scripting (XSS).
- Description: Enables cross-site scripting (CSS) attacks, potentially compromising sensitive data and user sessions.
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
Affected Systems and Fixes
Apple has addressed these issues in the following updates:
- macOS: Fixed in macOS Sequoia 15.1.1.
- iOS/iPadOS: Patched in iOS and iPadOS 17.7.2 and 18.1.1.
- visionOS: Updated to 2.1.1.
The vulnerabilities were reported by Clément Lecigne and Benoît Sevens from Google’s Threat Analysis Group (TAG), which specializes in identifying zero-days and targeted exploits.
Exploitation in the Wild
Apple has acknowledged that the flaws were exploited in attacks, particularly targeting Intel-based Macs, but specific details remain scarce. Google TAG, which discovered the flaws, has also withheld further insights into exploitation methods.
Trending: Offensive Security Tool: emp3r0r
Apple Zero-Days in 2024
The patching of these vulnerabilities brings the total number of zero-day fixes by Apple in 2024 to six, significantly fewer than the 20 zero-days addressed in 2023. Apple has been steadily improving its detection and mitigation of such issues, reducing exploit opportunities compared to prior years.
Recommendations
Update Immediately:
- Ensure macOS is updated to 15.1.1 (Sequoia).
- Update iPhones and iPads to the latest iOS and iPadOS versions (17.7.2 or 18.1.1).
- visionOS users should upgrade to 2.1.1.
Enable Auto-Updates: Enable automatic updates for all Apple devices to minimize exposure to newly discovered vulnerabilities.
Exercise Caution with Web Content: As the vulnerabilities involve web exploitation, users should avoid suspicious websites or untrusted links until systems are fully updated.
Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]
Source: bleepingcomputer.com
Recent News
New Aquabot Variant Exploiting Mitel SIP Phones via CVE-2024-41710
Apple Patches 2025’s First Zero-Day Vulnerability Exploited in iPhone Attacks
UnitedHealth Data Breach Affects 190 Million Americans in Largest Healthcare Cyberattack of 2024
Cloudflare CDN Flaw Enables Zero-Click Geo-Location Attack via Signal, Discord
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
