Apple Patches Two Zero-Day Vulnerabilities in Intel-Based Macs

November 19, 2024

Apple has urgently released security patches to rectify two zero-day vulnerabilities that have been used in attacks on Intel-based Mac systems. In a recent advisory, the tech giant stated, "Apple is aware of a report that this issue may have been exploited."

The two bugs are in the JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS Sequoia. The JavaScriptCore flaw, CVE-2024-44308, enables attackers to achieve remote code execution via malicious web content. The WebKit flaw, CVE-2024-44309, permits cross-site scripting (XSS) attacks.

Apple has addressed these security gaps for devices operating on macOS Sequoia 15.1.1. As these components are also present in other Apple operating systems, the fixes were also applied to iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1.

Both vulnerabilities were unearthed by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group. However, Apple has not released further details regarding the exploitation of these flaws. An attempt was made to contact Google for more information on the exploitation of these vulnerabilities, but a response is still awaited.

In 2024, Apple has addressed six zero-day vulnerabilities so far, with the first one appearing in January, two in March, and the fourth one in May. This is a significant improvement from the previous year, when Apple rectified a total of 20 zero-day vulnerabilities that were exploited in the wild.
