Apple fixes two zero-days used in attacks on Intel-based Macs

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems.

"Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday.

The two bugs were found in the JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS Sequoia.

The JavaScriptCore flaw, CVE-2024-44308, allows attackers to achieve remote code execution through maliciously crafted web content. The other flaw, CVE-2024-44309, allows cross-site scripting (XSS) attacks.

The company says it addressed the security flaws in macOS Sequoia 15.1.1.

As the same components are found in other Apple operating systems, the flaws were also fixed in iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1.

While Apple says both flaws were discovered by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group, the company has not provided further details on how they were exploited.

BleepingComputer contacted Google to learn how the flaws were exploited but was told that they have nothing more to share at this time.

With these two vulnerabilities, Apple has fixed six zero-days so far in 2024, with the first in January, two in March, and the fourth in May.

This number is significantly better than last year when Apple fixed a total of 20 zero-day flaws exploited in the wild, including:

Original Article Published at Bleeping Computer