Apple has released iOS 18.1.1, iPadOS 18.1.1, macOS Sequoia 15.1.1, and visionOS 2.1.1 updates to address two critical security vulnerabilities—CVE-2024-44308 and CVE-2024-44309—that may have been actively exploited, especially on Intel-based Mac systems.
These vulnerabilities involve the WebKit and JavaScriptCore frameworks, foundational components for web browsing and app interactions on Apple devices.
CVE-2024-44308 (JavaScriptCore)
This vulnerability allowed attackers to execute arbitrary code on devices when users interacted with maliciously crafted web content. The flaw was tied to inadequate checks within the JavaScriptCore framework. Apple addressed this issue by implementing improved validation processes.
CVE-2024-44309 (WebKit)
This flaw enabled cross-site scripting (XSS) attacks by exploiting weaknesses in cookie management during web browsing. Apple resolved this vulnerability by enhancing state management, ensuring robust handling of session data to prevent unauthorized access.
Devices affected
These vulnerabilities posed risks to various devices due to shared security flaws across platforms. However, Intel-based Macs were particularly at risk due to how their architecture interacts with these frameworks.
Updates and compatibility
- iOS 18.1.1 and iPadOS 18.1.1: Available for iPhone XS and later, and iPads starting from iPad Pro 3rd generation (12.9-inch) and iPad Air 3rd generation.
- iOS 17.7.2 and iPadOS 17.7.2: For older devices that cannot upgrade to iOS 18 or iPadOS 18.
- macOS Sequoia 15.1.1: Available for Intel-based and Apple Silicon Macs, including models from 2017 onward.
- visionOS 2.1.1: Released for Apple Vision Pro.
- Safari 18.1.1: Addresses the same flaws on systems running macOS Ventura and macOS Sonoma.
How to Update
- Open the Settings app (on iPhones, iPads, or Apple Vision Pro) or System Settings (on Macs).
- Navigate to General > Software Update.
- Select Download and Install for the latest available version.
- Ensure a stable Wi-Fi connection and sufficient battery life or keep the device plugged in during the update.
These security updates come amid a surge in macOS-targeted malware campaigns, driven by increasing adoption of Macs in corporate environments. Recent reports from cybersecurity firms highlight advanced persistent threats (APTs), such as the Lazarus Group, targeting macOS users. This highlights the importance of robust security measures, including timely updates, for individuals and organizations alike.
Updating to the latest software ensures your device is protected against these active exploits and reinforces overall system security.
(via support.apple.com)
Subscribe to our email newsletter to get the latest posts delivered right to your email.
Comments