Source: Dark Reading Author: Dark Reading Staff URL: https://www.darkreading.com/cyberattacks-data-breaches/apple-patches-actively-exploited-zero-days

ONE SENTENCE SUMMARY:

Apple has addressed two actively exploited zero-day vulnerabilities across its ecosystem with recent security updates.

MAIN POINTS:

1. Apple released security updates for two zero-day vulnerabilities under active exploitation.
2. CVE-2024-44308 involves JavaScriptCore vulnerability allowing arbitrary code execution.
3. CVE-2024-44309 is a cookie management issue leading to cross-site scripting attacks.
4. Affected Apple products include iOS, iPadOS, macOS, visionOS, and Safari browser.
5. Google’s Threat Analysis Group discovered and reported these vulnerabilities.
6. Apple provided limited information on exploitation or indicators of compromise.
7. Vulnerabilities may have been exploited on Intel-based Mac systems.
8. Users should update to iOS 18.1.1 and macOS Sequoia 15.1.1 promptly.
9. Better checks and improved state management were implemented in the updates.
10. Apple has not disclosed further details on reported attacks.

TAKEAWAYS:

1. Immediate updates are crucial to protect against newly discovered vulnerabilities.
2. Active reporting from threat analysis groups helps maintain software security.
3. Understanding CVE identifiers can aid in tracking vulnerabilities and patches.
4. Security advisories often lack detailed exploitation information for safety reasons.
5. Regular software updates are essential in safeguarding against active threats.