Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems.

"Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday.

The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS.

The JavaScriptCore CVE-2024-44308 flaw allows attackers to achieve remote code execution through maliciously crafted web content. The other flaw, CVE-2024-44309, allows cross-site scripting (CSS) attacks.

See more:
The Hacker News:
https://thehackernews.com/2024/11/apple-releases-urgent-updates-to-patch.html

BleepingComputer:
https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-used-in-attacks-on-intel-based-macs/

SecurityWeek:
https://www.securityweek.com/apple-confirms-zero-day-attacks-hitting-intel-based-macs/

Infosecurity magazine:
https://www.infosecurity-magazine.com/news/apple-security-update/

#cybersecurity #apple #zeroday