Thursday, November 28

Apple fixes two zero-days used in attacks on Intel-based Macs

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems.

“Apple is aware of a report that this issue may have been exploited,” the company said in an advisory issued on Tuesday.

The two bugs were found in the JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS Sequoia.

The JavaScriptCore flaw, CVE-2024-44308, allows attackers to achieve remote code execution through maliciously crafted web content. The other flaw, CVE-2024-44309, allows cross-site scripting (XSS) attacks.

The company says it addressed the security flaws in macOS Sequoia 15.1.1.

Because the same components are found in other Apple operating systems, the flaws were also fixed in iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1.

While Apple says both flaws were discovered by Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group, the company has not provided further details on how they were exploited.

BleepingComputer contacted Google to learn how the flaws were exploited but was told that they have nothing more to share at this time.

With these two vulnerabilities, Apple has fixed six zero-days so far in 2024, with the first in January, two in March, and the fourth in May.

This number is considerably better than in 2023, when Apple fixed a total of 20 zero-day flaws exploited in the wild, including:

  • 2 zero-days (CVE-2023-42916 and CVE-2023-42917) in November
  • 2 zero-days (CVE-2023-42824 and CVE-2023-5217) in October
  • 5 zero-days (CVE-2023-41061, CVE-2023-41064, CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993) in September
  • 2 zero-days (CVE-2023-37450 and CVE-2023-38606) in July
  • 3 zero-days (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439) in June
  • 3 more zero-days (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) in May
  • 2 zero-days (CVE-2023-28206 and CVE-2023-28205) in April
  • and another WebKit zero-day (CVE-2023-23529) in February
