Source |
Techworm |
Identifier |
8630528 |
Publication date |
2024-11-20 19:35:24 (viewed: 2024-12-27 09:08:19) |
Title |
Apple Releases Urgent Updates To Patch Actively Exploited Zero-Day macOS Vulnerabilities |
Text |
Apple has rolled out urgent security updates to fix two critical zero-day vulnerabilities affecting Mac users that have been actively exploited in the wild.
According to the Cupertino giant, the zero-day vulnerabilities, CVE-2024-44308 and CVE-2024-44309, are only actively exploited on Intel-based Mac systems.
“Apple is aware of a report that this issue may have been exploited,” the company said in an advisory published on Tuesday.
The first vulnerability, CVE-2024-44308, is related to JavaScriptCore, which could lead to arbitrary code execution when processing maliciously crafted web content.
On the other hand, the second vulnerability, CVE-2024-44309, is related to WebKit, the engine that powers Safari and web content on Apple devices.
It could lead to a cross-site scripting (XSS) attack when processing maliciously crafted web content.
While the CVE-2024-44308 vulnerability was addressed with improved checks, the CVE-2024-44309 flaw, a cookie management issue, was addressed with improved state management.
These vulnerabilities were discovered and reported by Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG), which tracks cyberattacks mostly linked to government-backed actors.
Apple has not provided any information on how the above vulnerabilities were exploited.
However, it has strongly urged its macOS users to immediately update to macOS Sequoia 15.1.1, which addresses the security flaws.
It has also released the latest versions of iOS and iPadOS and recommends that iPhone and iPad users update promptly to mitigate potential security threats.
To download macOS software updates, go to Apple menu > System Settings, click General in the sidebar of the window that opens, then click Software Update on the right.
For software updates on iPhone or iPad, go to Settings > General > Software Update, then check for the update and install it.
|
Rating |
★★★
|
Sent |
Yes |
Tags |
Vulnerability
Threat
Mobile
|