- What Are the Latest Docker Desktop Enterprise-Grade Performance Optimizations | Docker
- This $550 OnePlus flagship is the best Black Friday phone deal I've seen so far
- Grande Rede de Farmácias Brasileira gerencia sua segurança cibernética com Tenable e reduz custos em 25%
- Publicly available life cycle assessments document our products’ environmental impact
- SONiC pioneer Aviz Networks raises $17M for AI network management push
Apple Issues Emergency Security Update for Actively Exploited Flaws
Apple has urged customers to apply emergency security updates, which fixes two actively exploited vulnerabilities on its devices.
The fixes are included in the iOS 18.1.1 and iPadOS 18.1.1, Safari 18.1.1, visionOS 2.1.1 and macOS Sequoia 15.1.1 updates, available across a range of Apple devices, including iPhones, iPads, macOS and Apple Vision Pro.
These address two vulnerabilities – CVE-2024-44308 and CVE-2024-44309 – which Apple said may be actively exploited on Intel-based Mac systems. No details have been provided on which threat actors may be involved in this activity.
Both vulnerabilities have been received by the National Vulnerability Database (NVD) but have not yet been analyzed and assigned a score.
Additionally, iOS 17.7.2 and iPadOS 17.7.2 has been released to address the flaws for customers with older devices.
The vulnerabilities were discovered by Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group.
Commenting on the security updates, Michael Covington, VP of Strategy at Jamf, recommended updating any device that is at risk.
“The fixes provided by Apple introduce stronger checks to detect and prevent malicious activity, as well as improve how devices manage and track data during web browsing. With attackers potentially exploiting both vulnerabilities, it is critical that users and mobile-first organizations apply the latest patches as soon as they are able,” he said.
Read now: Apple Rolls Out Major Security Update to Patch macOS and iOS Vulnerabilities
JavaScriptCore Vulnerability
CVE-2024-44308 is a vulnerability in JavaScriptCore, which a framework for running JavaScript code in apps and web browsers.
Apple explained that attackers’ maliciously crafting web content in JavaScriptCore can lead to arbitrary code execution and compromising the device.
Apple said the issue has been addressed in the updates with “improved checks.”
WebKit Vulnerability
CVE-2024-44309 is a flaw found in WebKit, a framework which powers Safari and presents other web-based content to users.
This vulnerability enables cross site scripting attacks by maliciously crafted web content.
Apple described the flaw as a “cookie management issue,” which has been addressed with improved state management.
Image credit: Tada Images / Shutterstock.com