Apple has issued an important security update for macOS Sequoia 15.1.1, addressing several zero-day vulnerabilities that have been actively exploited in the wild.
These patches protect Apple users, particularly those with Intel-based Mac systems, from potential security breaches.
The update fixes two significant vulnerabilities in JavaScriptCore and WebKit, which are integral components of Apple’s Safari browser and other applications that render web content.
Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar
JavaScriptCore Vulnerability (CVE-2024-44308)
The first issue, CVE-2024-44308 lies within JavaScriptCore, the engine responsible for executing JavaScript code on web pages.
Apple warns that processing maliciously crafted web content could allow an attacker to execute arbitrary code on the targeted device.
According to Apple, this flaw has been actively exploited, primarily on Intel-based Macs, and could potentially allow hackers to take control of affected systems.
The issue, reported by Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group, was addressed with improved validation and checks.
Given its serious nature, users are strongly urged to update their systems to prevent any unauthorized access.
WebKit Vulnerability (CVE-2024-44309)
The second zero-day vulnerability, CVE-2024-44309 also reported by the same researchers, exists within WebKit, the engine used by Safari and other Apple applications to display web content.
This bug involves improper cookie management, which could allow malicious actors to execute cross-site scripting (XSS) attacks—potentially compromising sensitive user data or enabling unauthorized actions on affected devices.
Apple has resolved this issue through improved state management.
Apple has not provided specific details about how these flaws were being exploited to protect its users while they apply the patches.
However, the company stresses the importance of updating to macOS Sequoia 15.1.1 immediately to safeguard against these vulnerabilities.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free