Apple says Mac users are being targeted by dangerous zero-day attacks, so update now
- Apple has released a patch for some of its operating systems
- The patch addresses two critical vulnerabilities in JavaScriptCore and WebKit
- Users should install the patches immediately
Apple has released a patch for macOS after discovering two critical zero-day vulnerabilities in the software.
The macOS Sequoia 15.1.1 update appears to fix a vulnerability in JavaScriptCore that could allow attackers to craft malicious web content that results in arbitrary code execution.
A second vulnerability in WebKit would also allow attackers to use malicious web content for cross-site scripting attacks. For both vulnerabilities, Apple says it is “aware of a report that this issue may have been actively exploited on Intel-based Mac systems.”
Patch now, Apple warns
While the vulnerabilities may only have been exploited on Intel-based Mac systems, Apple has also released patches for its range of operating systems, including Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1. The JavaScriptCore and WebKit vulnerabilities can allow attackers to compromise vulnerable devices and steal data or install malware.
The vulnerabilities are tracked as CVE-2024-44308 and CVE-2024-44309 and have not yet received a severity score from NVD. However, due to the nature of the vulnerabilities and the fact that they were previously unknown to Apple, they are likely to be considered critical, and users should apply patches immediately.
The vulnerabilities were discovered by Google’s Threat Analysis Group, which typically deals with state-sponsored threats, suggesting that a government or state-sponsored actor was responsible for exploiting the vulnerabilities.
Mac users can apply the patch by checking for updates in the usual way: open the Apple menu, go to System Settings > General, and then click Software Update. iPhone users can apply the patch by going to Settings > General and then selecting Software Update. Please note that older devices running older operating systems may not have a patch available.
Via TechCrunch