Apple has announced urgent security updates to fix two serious vulnerabilities actively exploited on its devices. These updates are available in iOS 18.1.1, iPadOS 18.1.1, Safari 18.1.1, visionOS 2.1.1, and macOS Sequoia 15.1.1, covering a wide array of Apple products, such as iPhones, iPads, and Macs.

Vulnerabilities Target Intel-Based Macs

The vulnerabilities, identified as CVE-2024-44308 and CVE-2024-44309, are reportedly being exploited, particularly affecting Intel-based Mac systems. However, specific details regarding the perpetrators remain undisclosed. While these vulnerabilities have been registered with the National Vulnerability Database (NVD), their risks have yet to be comprehensively evaluated. Older models are not left out, as Apple has also rolled out iOS 17.7.2 and iPadOS 17.7.2 updates to address these issues for users with legacy devices.

Origins of the Discoveries

The critical security weaknesses were discovered by Clément Lecigne and Benoît Sevens from Google's Threat Analysis Group. Michael Covington, VP of Strategy at Jamf, emphasizes the necessity of immediate updates, stating, "The measures taken by Apple introduce stronger mechanisms to thwart malicious actions and enhance data management and tracking during web navigation. It's essential for users and organizations prioritizing mobile security to apply these fixes without delay."

JavaScriptCore and WebKit: The Core Issues - JavaScriptCore Vulnerability (CVE-2024-44308):

This flaw exists within JavaScriptCore, Apple’s framework for executing JavaScript in apps and browsers. The vulnerability allows attackers to execute arbitrary code by crafting malicious web content. The latest updates combat this issue through enhanced security checks. -

WebKit Vulnerability (CVE-2024-44309):

This flaw is located in WebKit, the engine that powers Safari and other web-based content. The vulnerability facilitates cross-site scripting via crafted web content. Apple has rectified this by improving cookie state management. Apple's release of these updates is a crucial step in ensuring the protection of its users' data and devices from potential cyber threats. It is imperative for all impacted users to update their devices promptly to mitigate risks.

The link has been copied!