Close Menu
Subscribe
Global Security

Apple releases urgent updates to fix actively exploited Zero-Day vulnerabilities

AdminBy No Comments2 Mins Read
Apple Zero-Day Vulnerabilities


November 20, 2024Ravi LakshmananZero Day / Vulnerability

Apple Zero-Day Vulnerabilities

Apple has released security updates for iOS, iPadOS, macOS, visionOS and its Safari web browser to address two zero-day vulnerabilities that have been widely exploited in the wild.

Disadvantages are listed below –

  • CVE-2024-44308 – A vulnerability in JavaScriptCore that could allow arbitrary code execution when processing malicious web content
  • CVE-2024-44309 – A cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack when handling malicious web content
Cyber ​​security

The iPhone maker said it addressed CVE-2024-44308 and CVE-2024-44309 with improved checks and improved state management, respectively.

Not much is known about the exact nature of the exploit, but Apple admitted that a pair of vulnerabilities “may have been actively exploited on Intel-based Mac systems.”

Clement Lessin and Benoit Sevens of Google’s Threat Analysis Group (TAG) are credited with discovering and reporting the two flaws, indicating that they were likely used in targeted government-backed or mercenary spyware attacks.

Updates are available for the following devices and operating systems:

  • iOS 18.1.1 and iPadOS 18.1.1 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7- 5th generation and later and iPad mini 5th generation and later
  • iOS 17.7.2 and iPadOS 17.7.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later , iPad 6th generation and later, and iPad mini 5th generation and later
  • macOS Sequoia 15.1.1 – Mac computers running macOS Sequoia
  • visionOS 2.1.1 – Apple Vision Pro
  • Safari 18.1.1 – Mac running macOS Ventura and macOS Sonoma
Cyber ​​security

Apple has affected a total of four zero days in its software this year, including one (CVE-2024-27834), which was demonstrated at the Pwn2Own hacking competition in Vancouver. The other three were patched January and March 2024.

Users are advised to update their devices to the latest version as soon as possible to protect themselves from potential threats.

Did you find this article interesting? Follow us Twitter and LinkedIn to read more exclusive content we publish.





Source link

Share.

Related Posts

Add A Comment
Leave A Reply