Source: Dark Reading Author: Dark Reading Staff URL: https://www.darkreading.com/cyberattacks-data-breaches/apple-patches-actively-exploited-zero-days
-
ONE SENTENCE SUMMARY: Apple has addressed two actively exploited zero-day vulnerabilities across its ecosystem with recent security updates.
-
MAIN POINTS:
-
Apple released security updates for two zero-day vulnerabilities under active exploitation.
-
CVE-2024-44308 involves JavaScriptCore vulnerability allowing arbitrary code execution.
-
CVE-2024-44309 is a cookie management issue leading to cross-site scripting attacks.
-
Affected Apple products include iOS, iPadOS, macOS, visionOS, and Safari browser.
-
Google’s Threat Analysis Group discovered and reported these vulnerabilities.
-
Apple provided limited information on exploitation or indicators of compromise.
-
Vulnerabilities may have been exploited on Intel-based Mac systems.
-
Users should update to iOS 18.1.1 and macOS Sequoia 15.1.1 promptly.
-
Better checks and improved state management were implemented in the updates.
-
Apple has not disclosed further details on reported attacks.
-
TAKEAWAYS:
-
Immediate updates are crucial to protect against newly discovered vulnerabilities.
-
Active reporting from threat analysis groups helps maintain software security.
-
Understanding CVE identifiers can aid in tracking vulnerabilities and patches.
-
Security advisories often lack detailed exploitation information for safety reasons.
-
Regular software updates are essential in safeguarding against active threats.