Apple Releases Urgent Patches for Actively Exploited Zero-Day Vulnerabilities

Apple has rolled out critical security updates to tackle two zero-day vulnerabilities that are reportedly being actively exploited in the wild. These updates apply to iOS, iPadOS, macOS, visionOS, and Safari.

Here’s a breakdown of the vulnerabilities:

CVE-2024-44308

  • What is it? A flaw in JavaScriptCore could allow attackers to execute arbitrary code by tricking users into processing malicious web content.

CVE-2024-44309

  • What is it? A cookie management issue in WebKit could lead to cross-site scripting (XSS) attacks when processing harmful web content.

How Apple Fixed It – CVE-2024-44308 and CVE-2024-44309

Apple resolved these vulnerabilities with enhanced validation for JavaScriptCore (CVE-2024-44308) and improved state management for WebKit’s cookie handling (CVE-2024-44309).

While Apple hasn’t disclosed specific exploitation details, they’ve confirmed that these vulnerabilities may have been actively exploited on Intel-based Mac systems.

Who Discovered the Flaws?

The vulnerabilities were uncovered by Clément Lecigne and Benoît Sevens from Google’s Threat Analysis Group (TAG). This points to a high likelihood that these flaws were leveraged in targeted attacks, possibly tied to government-backed or mercenary spyware campaigns.

Devices and Systems That Need Updating

Here’s a quick look at which devices and operating systems require updates:

  • iOS 18.1.1 & iPadOS 18.1.1
    • iPhone XS and later
    • iPad Pro 13-inch, iPad Pro 12.9-inch (3rd gen and later), iPad Pro 11-inch (1st gen and later)
    • iPad Air (3rd gen and later), iPad mini (5th gen and later)
  • iOS 17.7.2 & iPadOS 17.7.2
    • iPhone XS and later
    • iPad Pro 13-inch, iPad Pro 12.9-inch (2nd gen and later), iPad Pro 10.5-inch
    • iPad Air (3rd gen and later), iPad mini (5th gen and later)
  • macOS Sequoia 15.1.1
    • All Macs running macOS Sequoia
  • visionOS 2.1.1
    • Apple Vision Pro
  • Safari 18.1.1
    • Macs running macOS Ventura and macOS Sonoma

Why This Matters

These two vulnerabilities add to the four zero-day flaws Apple has addressed this year, including one demonstrated at the Pwn2Own Vancouver hacking competition. This shows that even tech giants like Apple are continually battling sophisticated threats.

What Should You Do?

To protect yourself, update your devices immediately to the latest versions. These updates aren’t just routine—they’re essential for staying secure in an increasingly risky digital landscape.
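For teams managing more than a handful of devices, the fixed versions listed above can be turned into an inventory check. The following is an added example, not code from Apple or from this article's author; the record layout (`host`, `product`, `version`, `safari`) and the sample inventory are constructed assumptions, and releases the article does not list are reported as `not-listed` rather than guessed.

```python
import re

# Fixed releases as listed in this article, keyed by (product, major version).
FIXED = {
    ("iOS", 18): (18, 1, 1), ("iOS", 17): (17, 7, 2),
    ("iPadOS", 18): (18, 1, 1), ("iPadOS", 17): (17, 7, 2),
    ("macOS", 15): (15, 1, 1),
    ("visionOS", 2): (2, 1, 1),
}
# Macs on macOS Ventura (13) and Sonoma (14) get the fix through Safari 18.1.1.
SAFARI_FIXED = (18, 1, 1)

def parse_version(text):
    """Turn '17.7' or '15.1.1 (build)' into a 3-tuple; None if no version found."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(record):
    """Classify a record: patched, needs-update, not-listed or unparsed."""
    version = parse_version(record.get("version"))
    if version is None:
        return "unparsed"
    if record["product"] == "macOS" and version[0] in (13, 14):
        safari = parse_version(record.get("safari"))
        if safari is None:
            return "unparsed"  # Safari version missing from the inventory
        return "patched" if safari >= SAFARI_FIXED else "needs-update"
    fixed = FIXED.get((record["product"], version[0]))
    if fixed is None:
        return "not-listed"  # branch not covered by this article
    return "patched" if version >= fixed else "needs-update"

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    {"host": "iphone-01", "product": "iOS", "version": "18.1"},
    {"host": "iphone-02", "product": "iOS", "version": "17.7.2"},
    {"host": "ipad-01", "product": "iPadOS", "version": "17.6.1"},
    {"host": "mac-01", "product": "macOS", "version": "15.1.1"},
    {"host": "mac-02", "product": "macOS", "version": "14.7.1", "safari": "18.1"},
    {"host": "mac-03", "product": "macOS", "version": "13.7.1", "safari": "18.1.1"},
    {"host": "avp-01", "product": "visionOS", "version": "2.1"},
    {"host": "iphone-03", "product": "iOS", "version": "16.7.10"},
]

def report(inventory):
    return {r["host"]: assess(r) for r in inventory}
```

Anything reported as `needs-update` is below the fixed release for its branch; `not-listed` and `unparsed` entries need a manual look against Apple's own advisories.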

At Bluefire Redteam, we’re committed to keeping you informed about critical cybersecurity developments.