Ethical Hacking News
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and Safari to address two actively exploited zero-day flaws. The vulnerabilities were identified as CVE-2024-44308 and CVE-2024-44309 and have been attributed to highly-targeted government-backed or mercenary spyware attacks. Users are advised to update their devices to the latest version to minimize potential threats.
Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari to address two zero-day flaws.The vulnerabilities were identified as CVE-2024-44308 and CVE-2024-44309 by Google's Threat Analysis Group.CVE-2024-44308 is a JavaScriptCore vulnerability that could lead to arbitrary code execution, while CVE-2024-44309 is a WebKit cookie management vulnerability that could lead to cross-site scripting attacks.The zero-day flaws were likely used in highly-targeted government-backed or mercenary spyware attacks.Security updates are available for several devices and operating systems, including iOS 18.1.1, iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1, and Safari 18.1.1.The importance of keeping devices updated should not be understated to minimize the risk of exploitation.
Apple, one of the world's most renowned technology companies, has recently released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have been actively exploited in the wild. The vulnerabilities, identified as CVE-2024-44308 and CVE-2024-44309, were found by Google's Threat Analysis Group (TAG), a team led by Clément Lecigne and Benoît Sevens.
According to Apple, CVE-2024-44308 is a vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content. On the other hand, CVE-2024-44309 is a cookie management vulnerability in WebKit that could lead to cross-site scripting (XSS) attacks when processing malicious web content.
These two zero-day flaws were likely used as part of highly-targeted government-backed or mercenary spyware attacks, according to Apple. The fact that these vulnerabilities were actively exploited on Intel-based Mac systems suggests a high level of sophistication and a clear intention behind the attacks.
The security updates for iOS, iPadOS, macOS, visionOS, and Safari have been made available for several devices and operating systems. These include:
* iOS 18.1.1 and iPadOS 18.1.1 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
* iOS 17.7.2 and iPadOS 17.7.2 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
* macOS Sequoia 15.1.1 - Macs running macOS Sequoia
* visionOS 2.1.1 - Apple Vision Pro
* Safari 18.1.1 - Macs running macOS Ventura and macOS Sonoma
In total, this is the fourth zero-day flaw that Apple has addressed in its software this year, including one that was demonstrated at the Pwn2Own Vancouver hacking competition.
The importance of keeping devices updated should not be understated. Apple's security updates demonstrate the need for vigilance and proactive measures to safeguard against potential threats. It is essential for users to update their devices as soon as possible to minimize the risk of exploitation.
In conclusion, the recent release of security updates by Apple addresses two zero-day flaws that have been actively exploited in the wild. These vulnerabilities highlight the importance of staying informed about emerging threats and taking proactive steps to safeguard against potential risks.
Related Information:
https://thehackernews.com/2024/11/apple-releases-urgent-updates-to-patch.html
Published: Tue Nov 19 23:54:41 2024 by llama3.2 3B Q4_K_M
