Apple has issued urgent security updates across its ecosystem to address two actively exploited zero-day vulnerabilities:
Key Vulnerabilities:
1. CVE-2024-44308 (CVSS: 8.8)
– Affects: JavaScriptCore
– Risk: Arbitrary code execution
– Impact: High
2. CVE-2024-44309 (CVSS: 6.1)
– Affects: WebKit
– Risk: Cross-site scripting (XSS)
– Impact: Medium
Affected Systems:
– iOS/iPadOS (versions 18.1.1 and 17.7.2)
– macOS Sequoia 15.1.1
– visionOS 2.1.1
– Safari 18.1.1
Important Notes:
– Active exploitation confirmed on Intel-based Macs
– Discovered by Google’s Threat Analysis Group
– Likely used in targeted government or spyware attacks
– Represents 2 of 4 zero-days patched by Apple in 2024
Recommendation:
Users should immediately update all affected devices to the latest versions to ensure protection against these security threats.