Trend Tide News

Apple Issues Emergency Patch For Actively-Exploited Zero-Day Threat On Mac

By Tim Sweezy
Apple Issues Emergency Patch For Actively-Exploited Zero-Day Threat On Mac

Apple confirmed it has issued an emergency patch for two actively-exploited zero-day threats on macOS, iPadOS, iOS, visionOS, and its Safari web browser. The Cupertino-based company remarked the emergency patch addresses CVE-2024-44308 and CVE-2024-44309 with improved checks and improved state management, respectively. While the two zero-day threats have only been reported to have been exploited on Intel-based Mac systems, all Apple devices should be updated immediately.

The discovery of the vulnerabilities are attributed to Clement Lecigne and Benoit Sevens of Google's Threat Analysis Group (TAG). Because of this, many are speculating that the vulnerabilities were likely being abused as part of highly-targeted government-backed or mercenary spyware attacks.

"The fixes provided by Apple introduce stronger checks to detect and prevent malicious activity, as well as improve how devices manage and track data during web browsing," explained Michael Covington, VP of Strategy at Jamf. Covington added, "With attackers potentially exploiting both vulnerabilities, it is critical that users and mobile-first organizations apply the latest patches as soon as they are able."

According to Apple's announcement: CVE-2024-44308 - JavaScriptCore - Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. CVE-2024-44309 - WebKit - Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

The fixes included in the emergency patch are part of the macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, Safari 18.1.1, and visionOS 2.1.1 updates. Apple added the flaws may be actively exploited on Intel-based Mac systems, however, no details have been provided on who may have been involved.

Apple has addressed four other zero-day vulnerabilities in 2024. CVE-2024-27834 was demonstrated at the Pwn20wn Vancouver hacking competition, while the other three were patched in January and March of this year.

All Apple users are urged to update their devices immediately to address, and safeguard their devices against the new zero-day threats.

Previous articleNext article

POPULAR CATEGORY

commerce

8867

tech

9875

amusement

10642

science

4797

various

11267

healthcare

8491

sports

11214