Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Apple has recently addressed two zero-day vulnerabilities affecting its Intel-based Mac computers. Alongside the patches, Apple confirmed that the flaws were being actively exploited, which makes it important for users to update their systems promptly.

Zero-Day Vulnerabilities Discovered in Intel-based Apple Macs

Users of Apple products are urged to update their MacBooks as the company has released fixes for vulnerabilities affecting its Intel-based Mac computers, some of which were already under attack before a solution was available.

According to Apple’s official advisory, the two vulnerabilities that were affecting Intel-based Mac systems are as follows. While both vulnerabilities have been assigned CVE identifiers, their severity ratings and CVSS scores have not been disclosed.

  • CVE-2024-44308: A vulnerability in JavaScriptCore that could potentially lead to arbitrary code execution through the processing of malicious web content. Apple has addressed this issue by implementing enhanced checks.
  • CVE-2024-44309: A cross-site scripting vulnerability in WebKit that could be exploited by an attacker through the processing of malicious web content. Apple has fixed this “cookie management issue” by improving state management.

These vulnerabilities were initially discovered by security researchers Clément Lecigne and Benoît Sevens from Google’s Threat Analysis Group (TAG). The researchers reported the findings to Apple, which promptly patched the flaws and released the fixes with macOS Sequoia 15.1.1.

In addition to Mac computers, Apple has rolled out the same security fixes for iPhones, iPads, and Apple Vision devices, which were also affected by these vulnerabilities, so the threat level remained high for all these products. Apple has released the security updates with iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1. While eligible devices will receive the updates automatically, users are advised to manually check their devices for updates to ensure timely patching.
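
For administrators tracking many devices, the check against the fixed releases listed above can be scripted. The following is an added example, not Apple's tooling or code from the original article. The inventory format, hostnames and function names are assumptions made for illustration.

```python
# Added example: patch-level check against the fixed releases named in the article.
# First fixed version per platform and major branch, taken from the text above.
FIXED = {
    "macos": {15: (15, 1, 1)},
    "ios": {17: (17, 7, 2), 18: (18, 1, 1)},
    "ipados": {17: (17, 7, 2), 18: (18, 1, 1)},
    "visionos": {2: (2, 1, 1)},
}


def parse_version(text):
    """Turn '18.1.1' into (18, 1, 1); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def patch_status(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one device."""
    branches = FIXED.get(platform.strip().lower())
    if branches is None:
        return "unknown"  # platform not covered by the article
    current = parse_version(version)
    fixed = branches.get(current[0])
    if fixed is None:
        # Assumption: a major release newer than every listed branch shipped
        # after these fixes and contains them. Older branches are not named
        # in the article, so they are reported as unknown, not as safe.
        return "patched" if current[0] > max(branches) else "unknown"
    return "patched" if current >= fixed else "vulnerable"


def audit(inventory):
    """Return (host, platform, version, status) for devices needing attention."""
    findings = []
    for host, platform, version in inventory:
        status = patch_status(platform, version)
        if status != "patched":
            findings.append((host, platform, version, status))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("mac-build-01", "macOS", "15.1"),
    ("mac-design-02", "macOS", "15.1.1"),
    ("iphone-sales-07", "iOS", "17.7.2"),
    ("ipad-kiosk-03", "iPadOS", "18.0.1"),
    ("mac-legacy-04", "macOS", "14.7.1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row)
```

Devices reported as unknown run a branch for which the article names no fixed version and need to be checked against Apple's advisory directly.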

Apple has addressed multiple zero-day vulnerabilities this year, issuing fixes in January, March, and May.
