Following up on yesterday’s story about how Apple pushed major macOS, iOS, and iPadOS security updates out the door to cover a pair of vulnerabilities, it appears that the vulnerabilities are already being exploited in the wild.
The vulnerabilities, credited to Google’s TAG (Threat Analysis Group), are being actively exploited on Intel-based macOS systems, Apple confirmed in an advisory released on Tuesday.
While Apple’s security response team did not provide any details on the reported attacks or indicators of compromise, they offered the following details as to the vulnerabilities and the patches distributed:
CVE-2024-44308 — JavaScriptCore — Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CVE-2024-44309 — WebKit — Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
The company urged users across the Apple ecosystem to apply the urgent iOS 18.1.1, iPadOS 18.1.1, macOS Sequoia 15.1.1 and the older iOS 17.7.2 updates.
If you haven’t updated your devices yet, now might be a good time to do so, and we’ll have additional details as they become available.
Via SecurityWeek and support.apple.com