Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Apple recently addressed two zero-day vulnerabilities affecting its Intel-based Macs. Alongside releasing the fixes, the firm also confirmed detecting active exploitation of the flaws, urging users to update their systems as soon as possible.

Two Zero-Day Flaws Found In Intel-based Apple Macs

Apple users must update their MacBooks now that the tech giant has rolled out vulnerability fixes. Specifically, the firm addressed two zero-day flaws affecting its Intel-based Macs, both of which came under attack before a fix was available.

According to Apple’s advisory, the following two vulnerabilities affected Intel-based Mac systems. Although both vulnerabilities have received CVE identifiers, their severity ratings and CVSS scores remain unclear.

  • CVE-2024-44308: A vulnerability in JavaScriptCore that could allow arbitrary code execution by processing maliciously crafted web content. Apple addressed this issue with improved checks.
  • CVE-2024-44309: A cross-site scripting vulnerability in WebKit that could be triggered when processing maliciously crafted web content. Regarding the fix, Apple mentioned addressing this “cookie management issue” with improved state management.

Both vulnerabilities first caught the attention of security researchers Clément Lecigne and Benoît Sevens from Google’s Threat Analysis Group (TAG). The researchers then reported the matter to Apple, which patched the flaws and released the fixes with macOS Sequoia 15.1.1.

Besides Macs, Apple also released the same security fixes for its iPhones, iPads, and Apple Vision devices, which exhibited the same issues. Hence, the threat remained as severe for these products as for Macs. Apple released the security fixes with iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1. While the updates will reach eligible devices automatically, users should still check their devices manually for updates to ensure they are patched in time.

Apple has addressed several zero-days.
