Apple is Releasing Urgent Updates For Zero-Day Exploits on All Devices

Apple has rolled out critical security updates for iOS, iPadOS, macOS, visionOS, and the Safari web browser to mitigate two actively exploited zero-day vulnerabilities.

These vulnerabilities, which have been observed in the wild, are detailed as follows:

  • CVE-2024-44308 (CVSS score: 8.8): A vulnerability in JavaScriptCore that allows arbitrary code execution when processing malicious web content.
  • CVE-2024-44309 (CVSS score: 6.1): A WebKit cookie management vulnerability enabling cross-site scripting (XSS) attacks through malicious web content.

Apple resolved these flaws using improved checks for CVE-2024-44308 and enhanced state management for CVE-2024-44309.

While specific exploitation details remain sparse, the company acknowledged that these vulnerabilities “may have been actively exploited on Intel-based Mac systems.”

Discovery and Attribution

Clément Lecigne and Benoît Sevens from Google’s Threat Analysis Group (TAG) discovered and reported the vulnerabilities.

Their involvement suggests these flaws were likely exploited in highly targeted attacks, potentially linked to government-backed or mercenary spyware campaigns.

Devices and Updates

The updates apply to the following devices and operating systems:

  • iOS 18.1.1 and iPadOS 18.1.1
    • iPhone XS and later
    • iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later)
    • iPad Pro 11-inch (1st generation and later)
    • iPad Air (3rd generation and later)
    • iPad (7th generation and later)
    • iPad mini (5th generation and later)
  • iOS 17.7.2 and iPadOS 17.7.2
    • iPhone XS and later
    • iPad Pro 13-inch, iPad Pro 12.9-inch (2nd generation and later)
    • iPad Pro 10.5-inch
    • iPad Pro 11-inch (1st generation and later)
    • iPad Air (3rd generation and later)
    • iPad (6th generation and later)
    • iPad mini (5th generation and later)
  • macOS Sequoia 15.1.1
    • Applicable to all Macs running macOS Sequoia
  • visionOS 2.1.1
    • Exclusively for Apple Vision Pro
  • Safari 18.1.1
    • Macs running macOS Ventura and macOS Sonoma

Broader Context

These updates mark the fourth set of zero-day vulnerabilities addressed by Apple in 2024.

Earlier in the year, Apple patched CVE-2024-27834, a vulnerability demonstrated at the Pwn2Own Vancouver hacking competition, alongside others resolved in January and March.

User Advisory

To mitigate potential threats, users are strongly encouraged to update their devices to the latest versions immediately.

These updates not only address the zero-day vulnerabilities but also ensure the security and stability of Apple’s ecosystem.
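
When checking a device fleet against the versions listed above, the comparison has to be made per release train: iOS 18.1 is numerically higher than 17.7.2 but still lacks the fix, and a Mac on Ventura or Sonoma gets it through Safari 18.1.1 rather than an OS update. The following is an added example, not part of the original article; the host names and inventory rows are constructed, and treating any release after a listed fix as patched is an assumption.

```python
# First fixed version per (product, major version), from the article's update list.
FIXED = {
    ("iOS", 18): (18, 1, 1), ("iPadOS", 18): (18, 1, 1),
    ("iOS", 17): (17, 7, 2), ("iPadOS", 17): (17, 7, 2),
    ("macOS", 15): (15, 1, 1),
    ("visionOS", 2): (2, 1, 1),
    ("Safari", 18): (18, 1, 1),
}
RANK = {"patched": 0, "unlisted": 1, "vulnerable": 2}

def parse_version(text):
    """'18.1' -> (18, 1, 0); padded so tuples compare component by component."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version):
    """Return 'patched', 'vulnerable' or 'unlisted' for one installed product."""
    v = parse_version(version)
    fixed = FIXED.get((product, v[0]))
    if fixed is not None:
        # Compare only within the same release train.
        return "patched" if v >= fixed else "vulnerable"
    newest = max((m for p, m in FIXED if p == product), default=None)
    # Assumption: a major release newer than every listed train ships the fix.
    if newest is not None and v[0] > newest:
        return "patched"
    return "unlisted"  # older train or unknown product: the article names no fix

def audit(inventory):
    """Map host -> worst status across everything installed on that host."""
    report = {}
    for host, product, version in inventory:
        current = report.get(host, "patched")
        report[host] = max(current, status(product, version), key=RANK.get)
    return report

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("iphone-01", "iOS", "18.1"),      # higher than 17.7.2, still unpatched
    ("iphone-02", "iOS", "17.7.2"),
    ("ipad-01", "iPadOS", "17.6.1"),
    ("mac-01", "macOS", "15.1.1"),
    ("mac-02", "macOS", "14.7.1"),     # Sonoma: fix arrives via Safari
    ("mac-02", "Safari", "18.1"),
    ("avp-01", "visionOS", "2.1.1"),
]

if __name__ == "__main__":
    for host, result in sorted(audit(INVENTORY).items()):
        print(f"{host:10} {result}")
```
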

Keval Dave
Keval Dave, a university student majoring in Mass Communication, possesses a profound interest in politics and strategic affairs. His analytical prowess and dedication to understanding global dynamics drive his pursuit of knowledge.