Apple urgently patches zero-day vulnerabilities actively exploited in iOS and macOS

ISGroup Cybersecurity

Apple has confirmed that CVE-2024-44308 and CVE-2024-44309 are currently being actively exploited in the wild. Both vulnerabilities are related to the processing of maliciously crafted web content, making them particularly concerning due to the increased potential for widespread exploitation on vulnerable systems.

Date2024-11-20 17:13:03
Information
  • Fix Available
  • Active Exploitation

Technical Summary

Apple has released emergency updates for iOS, iPadOS, macOS, and visionOS to address two actively exploited zero-day vulnerabilities:

  • CVE-2024-44308: A flaw in JavaScriptCore that allows for arbitrary code execution via malicious web content.
  • CVE-2024-44309: A vulnerability in cookie handling within WebKit that allows for cross-site scripting (XSS) attacks via malicious web content.

Recommendations

To mitigate these risks, Apple users are advised to update their devices to the latest available versions:

  • iOS 18.1.1 / 17.7.2: Compatible with iPhone XS and later, iPad Pro, and other supported iPads.
  • macOS Sequoia 15.1.1: For macOS Sequoia users.
  • visionOS 2.1.1: For Apple Vision Pro.
  • Safari 18.1.1: For macOS Ventura and Sonoma users.

[Callforaction-THREAT-Footer]