Apple Issues Emergency Patch For Alarming Actively-Exploited Security Threat On Mac
The discovery of the vulnerabilities is attributed to Clement Lecigne and Benoit Sevens of Google’s Threat Analysis Group (TAG). Because of this, many are speculating that the vulnerabilities were likely being abused as part of highly targeted government-backed or mercenary spyware attacks.
“The fixes provided by Apple introduce stronger checks to detect and prevent malicious activity, as well as improve how devices manage and track data during web browsing,” explained Michael Covington, VP of Strategy at Jamf. Covington added, “With attackers potentially exploiting both vulnerabilities, it is critical that users and mobile-first organizations apply the latest patches as soon as they are able.”
According to Apple’s announcement:
CVE-2024-44308 - JavaScriptCore - Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CVE-2024-44309 - WebKit - Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
The fixes included in the emergency patch are part of the macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, Safari 18.1.1, and visionOS 2.1.1 updates. Apple added that the flaws may have been actively exploited on Intel-based Mac systems; however, no details have been provided on who may have been involved.
Apple has addressed four other zero-day vulnerabilities in 2024. CVE-2024-27834 was demonstrated at the Pwn2Own Vancouver hacking competition, while the other three were patched in January and March of this year.
All Apple users are urged to update their devices immediately to address the new zero-day threats and safeguard their devices against them.