Apple has issued an emergency update for iOS 18.1.1, urging users to apply it immediately due to two serious security vulnerabilities. The update fixes flaws in the JavaScriptCore framework and WebKit engine, which could be exploited by attackers to execute malicious code.
The first issue, CVE-2024-44308, affects Intel-based Mac systems and allows for remote execution of code if a user interacts with maliciously crafted web content. Apple has acknowledged that this issue may have been actively exploited on these systems.
The second issue, CVE-2024-44309, affects the WebKit engine and could result in cross-site scripting attacks, allowing attackers to inject malicious code into trusted websites or applications.
According to Sean Wright, head of application security at Featurespace, both vulnerabilities are significant and pose a risk to users. He advises updating as soon as possible, emphasizing that even with sandbox protections, these vulnerabilities can allow attackers to redirect users to malicious sites and steal session tokens.
The update is recommended for all iPhone users on supported devices, including the Phone XS and later models, iPad Pro 13-inch and later, and iPad Air 3rd generation and later. To apply the update, go to Settings > General > Software Update and download iOS 18.1.1 or iOS 17.7.2.
Users are advised to be vigilant when browsing sites and clicking on links, as these vulnerabilities can be exploited in various ways. With this emergency update, Apple is taking proactive steps to address the security concerns and protect its users.
Source: https://www.forbes.com/sites/kateoflahertyuk/2024/11/20/ios-1811-update-now-warning-issued-to-all-iphone-users