Apple Releases Emergency Security Updates For Actively Exploited Vulnerabilities


Apple has issued patches for two critical zero-day vulnerabilities actively exploited by threat actors. These flaws allow attackers to leverage malicious web content to execute arbitrary code and carry out cross-site scripting (XSS) attacks. Users are advised to update their devices immediately to mitigate potential risks.

The critical security patch includes updates for iOS, iPadOS, macOS, visionOS, and Apple's Safari web browser.

Details of the Vulnerabilities

  1. CVE-2024-44308 (CVSS score: 8.8): A flaw in JavaScriptCore that allows arbitrary code execution when processing malicious web content.
  2. CVE-2024-44309 (CVSS score: 6.1): A cookie management issue in WebKit that enables cross-site scripting (XSS) attacks when handling malicious web content.

Security Fixes

Apple has mitigated these vulnerabilities with enhanced checks for CVE-2024-44308 and improved state management for CVE-2024-44309. Although specific details of the exploitation remain unclear, Apple has confirmed that the flaws "may have been actively exploited on Intel-based Mac systems."

While Apple says both flaws were discovered by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group, the company has not provided further details on how they were exploited.

Affected Devices and Available Updates

The updates target a wide range of devices and operating systems:

  • iOS 18.1.1 and iPadOS 18.1.1: Compatible with iPhone XS and later models, iPad Pro (13-inch, 12.9-inch 3rd gen and later, 11-inch 1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), and iPad mini (5th gen and later).
  • iOS 17.7.2 and iPadOS 17.7.2: Compatible with iPhone XS and later models, iPad Pro (13-inch, 12.9-inch 2nd gen and later, 10.5-inch, 11-inch 1st gen and later), iPad Air (3rd gen and later), iPad (6th gen and later), and iPad mini (5th gen and later).
  • macOS Sequoia 15.1.1: For Macs running macOS Sequoia.
  • visionOS 2.1.1: For Apple Vision Pro.
  • Safari 18.1.1: Available for Macs running macOS Ventura and macOS Sonoma.

Recommendations

Users are strongly encouraged to update their devices promptly to protect against potential threats posed by these vulnerabilities.
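A patch-compliance check against the fixed releases listed above, as an added example that is not part of the original article or any Apple tooling. The inventory rows, host names and status labels are constructed for illustration; branches for which the article names no fixed release are flagged for manual review rather than guessed.

```python
# Fixed releases named in the article, keyed by (product, major-version branch).
FIXED = {
    ("iOS", 18): (18, 1, 1), ("iOS", 17): (17, 7, 2),
    ("iPadOS", 18): (18, 1, 1), ("iPadOS", 17): (17, 7, 2),
    ("macOS", 15): (15, 1, 1),      # macOS Sequoia
    ("visionOS", 2): (2, 1, 1),
    ("Safari", 18): (18, 1, 1),     # Safari on macOS Ventura / Sonoma
}

def parse_version(text):
    """'18.1 (build)' -> (18, 1, 0). Drops a trailing build tag and pads to
    three components so that 18.1 compares lower than 18.1.1."""
    parts = [int(p) for p in text.split()[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(product, version):
    """Return 'patched', 'needs-update', or 'review' when the article lists no
    fixed release for that product/branch (hypothetical status labels)."""
    v = parse_version(version)
    fixed = FIXED.get((product, v[0]))
    if fixed is None:
        return "review"
    return "patched" if v >= fixed else "needs-update"

def audit(inventory):
    """Map each host to its status for CVE-2024-44308 / CVE-2024-44309."""
    return {host: patch_status(product, ver) for host, product, ver in inventory}

# Constructed sample inventory: (host, product, reported version).
INVENTORY = [
    ("exec-iphone", "iOS", "18.1 (build)"),
    ("lab-ipad", "iPadOS", "17.7.2"),
    ("dev-mbp", "macOS", "15.1.1"),
    ("build-mini", "Safari", "18.0.1"),
    ("kiosk-ipad", "iPadOS", "16.7.10"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:12} {status}")
```
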

Suffyan Ali

AWS DevSecOps Engineer | Architecting Secure, AI-Optimized Cloud Ecosystems (AWS | Azure) | Automating CI/CD with Self-Healing Pipelines & NIST/ISO 27001-Compliant | 5x Deployment Efficiency, 99.9% Compliance

3 months

This is an important reminder of how fast attackers exploit vulnerabilities. Apple's quick response highlights the importance of staying updated to protect devices from these threats. How do you think organizations can encourage users to prioritize such updates before exploits cause harm?

C.A.Robinson Detective Agency

C.A.Robinson is a licensed and bonded private detective agency providing civil and criminal remote cyber digital forensics worldwide. Data compliance, cyber investigations, digital forensics.

3 months

Helpful certainly, but "the elephant in the room" is a lack of proper due care security as permitted by law with legal immunity enjoyed by US telecom, tele data and Internet companies. It's time to repeal Telecommunications Act of 1996, also known as Public Law 104-104.

Martin Nitsche

Explainer | Spark Igniter | DDV President

3 months

Thanks for the info - just pointed it out to the whole family, now about 20 devices need to be updated...
