Ethical Hacking News
Apple has released security updates to address two actively exploited zero-day vulnerabilities in its operating systems and browser software. These vulnerabilities, identified by researchers from Google's Threat Analysis Group, have been used to exploit users' devices for malicious purposes. By updating their software to the latest versions, users can protect themselves against these threats.
Apple released security updates for iOS, iPadOS, macOS, visionOS, and the Safari browser to address two actively exploited zero-day vulnerabilities. The first vulnerability (CVE-2024-44309) is a cookie management issue that could lead to cross-site scripting attacks when processing malicious web content. Apple improved state management in WebKit and provided updates for its operating systems and browser software to address the first vulnerability. The second vulnerability (CVE-2024-44308) impacts the JavaScriptCore engine and could lead to arbitrary code execution when processing malicious web content. Apple addressed the second vulnerability by providing improved checks for its operating systems and browser software.
Apple recently released security updates for iOS, iPadOS, macOS, visionOS, and the Safari browser to address two actively exploited zero-day vulnerabilities. These vulnerabilities were identified by researchers from Google's Threat Analysis Group (TAG), specifically Clément Lecigne and Benoît Sévigné.
The first vulnerability, CVE-2024-44309, is a cookie management issue in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious web content. According to the advisory released by Apple, "processing maliciously crafted web content may lead to a cross site scripting attack." This issue has been reported to be actively exploited on Intel-based Mac systems.
To address this vulnerability, Apple improved the state management in WebKit. The company also took steps to prevent the exploitation of the cookie management issue by providing updates for its various operating systems and browser software.
The second vulnerability, CVE-2024-44308, impacts the JavaScriptCore engine and could lead to arbitrary code execution when processing malicious web content. Similar to the first vulnerability, Apple is aware of a report that this issue has been actively exploited on Intel-based Mac systems.
Apple addressed the second vulnerability by providing improved checks for its operating systems and browser software.
It's worth noting that neither Apple nor Google disclosed details about the attack or attributed it to specific threat actors. The fact that these details were not publicly disclosed raises questions about the level of cooperation between companies in the tech industry and law enforcement agencies when it comes to identifying and addressing security threats.
The release of these security updates highlights the importance of keeping software up to date and the need for companies like Apple to prioritize the security of their products. As we move forward in the digital age, it's essential that we remain vigilant in our efforts to protect ourselves from cyber threats.
In light of this recent development, users are advised to promptly update their devices to the latest versions of iOS, iPadOS, macOS, visionOS, and the Safari browser to ensure they have the necessary protections against these vulnerabilities. By staying informed and taking proactive steps to secure our digital lives, we can help prevent further exploitation of these zero-day vulnerabilities.
Related Information:
https://securityaffairs.com/171202/uncategorized/apple-fixed-2-actively-exploited-zero-day-bugs.html
https://nvd.nist.gov/vuln/detail/CVE-2024-44308
https://www.cvedetails.com/cve/CVE-2024-44308/
https://nvd.nist.gov/vuln/detail/CVE-2024-44309
https://www.cvedetails.com/cve/CVE-2024-44309/
Published: Wed Nov 20 06:07:09 2024 by llama3.2 3B Q4_K_M