Home Security Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

by


Nov 20, 2024Ravie LakshmananZero Day / Vulnerability

Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.

The flaws are listed below –

  • CVE-2024-44308 – A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content
  • CVE-2024-44309 – A cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious web content
Cybersecurity

The iPhone maker said it addressed CVE-2024-44308 and CVE-2024-44309 with improved checks and improved state management, respectively.

Not much is known about the exact nature of the exploitation, but Apple has acknowledged that the pair of vulnerabilities “may have been actively exploited on Intel-based Mac systems.”

Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG) have been credited with discovering and reporting the two flaws, indicating that they were likely put to use as part of highly-targeted government-backed or mercenary spyware attacks.

The updates are available for the following devices and operating systems –

  • iOS 18.1.1 and iPadOS 18.1.1 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • iOS 17.7.2 and iPadOS 17.7.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
  • macOS Sequoia 15.1.1 – Macs running macOS Sequoia
  • visionOS 2.1.1 – Apple Vision Pro
  • Safari 18.1.1 – Macs running macOS Ventura and macOS Sonoma
Cybersecurity

Apple has so far addressed a total of four zero-days in its software this year, including one (CVE-2024-27834) that was demonstrated at the Pwn2Own Vancouver hacking competition. The other three were patched in January and March 2024.

Users are advised to update their devices to the latest version as soon as possible to safeguard against potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex