Apple is warning Mac users of two critical zero-day vulnerabilities being actively exploited on Intel Macs, with the latest macOS Sequoia update addressing them.
Bad actors are actively exploiting two vulnerabilities, one in JavaScriptCore and the other in WebKit.
JavaScriptCore
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Description: The issue was addressed with improved checks.
WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Description: A cookie management issue was addressed with improved state management.
Users are advised to upgrade to macOS Sequoia 15.1.1 immediately.
