Apple Issues Emergency Updates to Address Zero-Day Vulnerabilities

Apple has issued emergency updates for iOS, iPadOS, macOS, visionOS, and Safari to fix two actively exploited zero-day vulnerabilities. The flaws, tracked as CVE-2024-44308 and CVE-2024-44309, were discovered in WebKit, the engine powering Apple’s Safari browser and other apps that render web content.

The vulnerabilities could allow attackers to execute arbitrary code or carry out cross-site scripting (XSS) attacks, emphasizing the urgent need for users to update their devices.

Details of the Vulnerabilities

1. CVE-2024-44308

A flaw in JavaScriptCore that could enable arbitrary code execution when processing malicious web content. Apple addressed this issue by introducing enhanced checks.

2. CVE-2024-44309

A cookie management vulnerability in WebKit that could facilitate cross-site scripting attacks when dealing with malicious web content. The company mitigated this issue through improved state management.

Apple acknowledged that the vulnerabilities “may have been actively exploited on Intel-based Mac systems.” While the exact methods of exploitation remain unclear, the flaws were reported by Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG). This suggests the vulnerabilities were likely leveraged in sophisticated, targeted attacks, potentially by government-backed actors or spyware operators.

Devices and Updates Affected

The security patches are available for a range of Apple devices and operating systems, as follows:

1. iOS 18.1.1 and iPadOS 18.1.1

Compatible with iPhone XS and later, iPad Pro models (13-inch, 12.9-inch 3rd generation and later, 11-inch 1st generation and later), iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

2. iOS 17.7.2 and iPadOS 17.7.2

For older devices including iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

3. macOS Sequoia 15.1.1

For Macs running macOS Sequoia.

4. visionOS 2.1.1

For Apple Vision Pro.

5. Safari 18.1.1

For Macs using macOS Ventura and macOS Sonoma.

Apple has made these updates available for immediate download, urging users to install them promptly to safeguard their devices from potential threats.

Apple’s Zero-Day Vulnerabilities Track Record

These latest vulnerabilities mark the third and fourth zero-day flaws addressed by Apple this year. Notably, one of these, CVE-2024-27834, was demonstrated at the Pwn2Own Vancouver hacking competition. The other three were patched in January and March 2024.

As cyber threats continue to evolve, Apple’s emergency updates addressing zero-day exploits underscore the importance of staying updated. Users are strongly advised to install the latest software versions to minimize security risks.
