Man
Professional
- Messages
- 2,965
- Reaction score
- 488
- Points
- 83
Users are advised to update their OS version as soon as possible to prevent hacking.
Apple has released emergency security updates to address two zero-day vulnerabilities exploited in attacks on Intel-based systems.
The updates fix bugs found in macOS Sequoia JavaScriptCore and WebKit components:
Apple said it has addressed these vulnerabilities by improving checks and state management, respectively. Additional details about how to exploit the flaws have not yet been provided.
The flaws were fixed in the macOS Sequoia 15.1.1 update. The problems also affect other Apple operating systems that use similar components. Fixes are included in iOS 17.7.2 and iPadOS 17.7.2, as well as iOS 18.1.1, iPadOS 18.1.1, and visionOS 2.1.1.
This year, Apple has already fixed 6 zero-day vulnerabilities. For comparison, 20 such vulnerabilities were fixed last year. Experts recommend that all users update their devices to the latest versions of operating systems to protect against possible attacks.
In September, Apple released a new version of the operating system for computers - macOS 15, known as Sequoia. However, immediately after the release, it became known that the system caused problems in the operation of some information security products, including solutions from CrowdStrike and Microsoft, which led to massive failures in Windows around the world.
A security researcher under the pseudonym "Mickey Jin" has introduced a new attack vector capable of bypassing macOS defenses. The speaker at the POC2024 conference spoke about a recently discovered vulnerability that allows attackers to bypass the macOS sandbox and access files without restrictions.
Source
Apple has released emergency security updates to address two zero-day vulnerabilities exploited in attacks on Intel-based systems.
The updates fix bugs found in macOS Sequoia JavaScriptCore and WebKit components:
- CVE-2024-44308 (CVSS score: 6.8) is a vulnerability in macOS Sequoia JavaScriptCore that can lead to Remote Code Execution (RCE) when processing malicious web content.
- CVE-2024-44309 (CVSS score: 4.3) – A cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious web content.
Apple said it has addressed these vulnerabilities by improving checks and state management, respectively. Additional details about how to exploit the flaws have not yet been provided.
The flaws were fixed in the macOS Sequoia 15.1.1 update. The problems also affect other Apple operating systems that use similar components. Fixes are included in iOS 17.7.2 and iPadOS 17.7.2, as well as iOS 18.1.1, iPadOS 18.1.1, and visionOS 2.1.1.
This year, Apple has already fixed 6 zero-day vulnerabilities. For comparison, 20 such vulnerabilities were fixed last year. Experts recommend that all users update their devices to the latest versions of operating systems to protect against possible attacks.
In September, Apple released a new version of the operating system for computers - macOS 15, known as Sequoia. However, immediately after the release, it became known that the system caused problems in the operation of some information security products, including solutions from CrowdStrike and Microsoft, which led to massive failures in Windows around the world.
A security researcher under the pseudonym "Mickey Jin" has introduced a new attack vector capable of bypassing macOS defenses. The speaker at the POC2024 conference spoke about a recently discovered vulnerability that allows attackers to bypass the macOS sandbox and access files without restrictions.
Source
