Apple has confirmed that CVE-2024-44308 and CVE-2024-44309 are currently being actively exploited in the wild. Both vulnerabilities are related to the processing of maliciously crafted web content, making them particularly concerning due to the increased potential for widespread exploitation on vulnerable systems.
| Date | 2024-11-20 17:13:03 |
| Information |
|
Technical Summary
Apple has released emergency updates for iOS, iPadOS, macOS, and visionOS to address two actively exploited zero-day vulnerabilities:
- CVE-2024-44308: A flaw in
JavaScriptCorethat allows for arbitrary code execution via malicious web content. - CVE-2024-44309: A vulnerability in cookie handling within
WebKitthat allows for cross-site scripting (XSS) attacks via malicious web content.
Recommendations
To mitigate these risks, Apple users are advised to update their devices to the latest available versions:
- iOS 18.1.1 / 17.7.2: Compatible with iPhone XS and later, iPad Pro, and other supported iPads.
- macOS Sequoia 15.1.1: For macOS Sequoia users.
- visionOS 2.1.1: For Apple Vision Pro.
- Safari 18.1.1: For macOS Ventura and Sonoma users.
[Callforaction-THREAT-Footer]
