- Apple has issued a patch for a number of its operating systems
- The patch addresses two critical vulnerabilities in JavaScriptCore and WebKit
- Users should install the patches immediately
Apple has issued a patch for macOS following the exposure of two critical zero-day vulnerabilities found in the software.
The macOS Sequoia 15.1.1 update looks to mitigate a vulnerability in JavaScriptCore that would allow attackers to create malicious web content that could result in arbitrary code execution.
A second vulnerability, found in WebKit, would allow attackers to use malicious web content for cross-site scripting attacks. Apple states for both vulnerabilities that it is “aware of a report that this issue may have been actively exploited on Intel-based Mac systems.”
Patch now, warns Apple
While the vulnerabilities may only have been exploited on Intel-based Mac systems, Apple has also issued patches across its range of operating systems, including Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1. The JavaScriptCore and WebKit vulnerabilities could allow attackers to compromise vulnerable devices and steal data or install malware.
The vulnerabilities are tracked as CVE-2024-44308 and CVE-2024-44309, and have not yet received a severity score from NVD. However, due to the nature of the vulnerabilities and the fact that they were previously unknown to Apple, they are likely to be deemed critical and users should apply patches immediately.
The vulnerabilities were discovered by Google’s Threat Analysis Group, which typically deals with state-sponsored threats, suggesting that a government or state-sponsored actor was responsible for the exploitation of the vulnerabilities.
Mac users can apply the patch by checking for updates in the usual manner: open the Apple menu, go to System Settings > General, and click Software Update. iPhone users can apply the patch by going to Settings > General and selecting Software Update. Be aware that older devices that use older operating systems may not have a patch available.
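For anyone checking more than one device, the fixed versions listed above can be turned into a simple inventory check. The following is an added example, not Apple's or the article's own code; the status labels, the hostnames in the sample inventory, and the treatment of newer major releases as patched are assumptions.

```python
# Fixed versions as listed in the article; one entry per major release line.
FIXED = {
    "macOS":    {15: (15, 1, 1)},
    "iOS":      {17: (17, 7, 2), 18: (18, 1, 1)},
    "iPadOS":   {17: (17, 7, 2), 18: (18, 1, 1)},
    "visionOS": {2: (2, 1, 1)},
    "Safari":   {18: (18, 1, 1)},
}

def parse_version(text):
    """'18.1' -> (18, 1, 0); raises ValueError on non-numeric input."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(product, version):
    """Classify one product/version pair against the fixed releases."""
    branches = FIXED.get(product)
    if branches is None:
        return "unknown-product"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    fixed = branches.get(v[0])
    if fixed is None:
        # Assumption: major lines newer than those listed carry the fix;
        # older lines have no fixed build named in the article.
        return "patched" if v[0] > max(branches) else "no-fix-listed"
    # Compare inside the same major line only: 18.0 sorts above 17.7.2
    # but is still an unpatched 18.x build.
    return "patched" if v >= fixed else "vulnerable"

def audit(inventory):
    """Return (host, product, version, status) for every row not patched."""
    rows = [(h, p, v, patch_status(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] != "patched"]

# Constructed sample inventory (hypothetical hostnames).
SAMPLE = [
    ("mac-01", "macOS", "15.1"),
    ("mac-02", "macOS", "15.1.1"),
    ("phone-01", "iOS", "18.0"),
    ("phone-02", "iOS", "17.7.2"),
    ("pad-01", "iPadOS", "16.7"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

Devices reported as "no-fix-listed" run a release line for which the article names no fixed build, which matches its caution about older devices.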
Via TechCrunch