Apple Patches Two Zero-Day Flaws in iOS, Safari and macOS

Apple has released security updates for its operating systems and web browser to address two zero-day flaws that have been actively exploited in the wild. The vulnerabilities, CVE-2024-44308 and CVE-2024-44309, were discovered by Google’s Threat Analysis Group (TAG) and are related to JavaScriptCore and cookie management in WebKit.

CVE-2024-44308 allows arbitrary code execution when malicious web content is processed, while CVE-2024-44309 is a cross-site scripting (XSS) vulnerability in cookie management that can likewise be triggered by malicious web content. Apple has patched the two vulnerabilities with improved checks and improved state management, respectively.

The company acknowledged that the pair of vulnerabilities may have been used to target Intel-based Mac systems, although the exact nature of the exploitation is not yet clear. The updates are available for various devices and operating systems, including iOS 18.1.1, iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1, Safari 18.1.1, and more.

This is the fourth zero-day vulnerability that Apple has addressed this year, following another one demonstrated at the Pwn2Own Vancouver hacking competition. Users are advised to update their devices to the latest version as soon as possible to safeguard against potential threats.

Source: https://thehackernews.com/2024/11/apple-releases-urgent-updates-to-patch.html