Apple fixed two zero-day vulnerabilities weaponized against Intel-based macOS systems

You May Be Interested In:Victoria’s hot seats LIVE updates: Our on-camera chat with Amelia Hamer in Kooyong; A battle of Wills: NOBS group highlights what’s missing north of Bell Street


Facepalm: Google researchers have discovered a couple of zero-day vulnerabilities in Apple’s WebKit components. The flaws have already been patched, but Cupertino strongly urges users to update their systems as soon as possible since it believes hackers are exploiting the security holes in the wild.

Apple found two dangerous vulnerabilities in its operating systems’ JavaScriptCore and WebKit components. The security issues only affect Intel-based systems. However, the security updates apply to all Apple computer platforms.

The first flaw (CVE-2024-44308) impacts the JavaScriptCore framework that provides the JavaScript engine included in WebKit. Maliciously crafted web content could lead to arbitrary code execution. Apple noted that unknown threat actors may have exploited the flaw on Intel-based Mac systems.

The second vulnerability (CVE-2024-44309) affects the WebKit layout engine used by Safari and a few other web browsers. The flaw could allow hackers to develop a cross-site scripting attack targeting Intel Mac systems.

Bad actors looking to crack Apple devices have constantly targeted WebKit as its biggest weakness. Once the web browser is compromised, hackers can push their attack further into the system for various purposes, including weaponizing iPhones, stealing user data, and eavesdropping on communications between susceptible targets.

Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group, a security team created to counter government-backed hacking activities, discovered the flaws. Apple devices are often one of the main focuses of commercial spyware platforms, which are known for making a business out of researching and exploiting unknown vulnerabilities for their customers.

Apple hasn’t provided specific details regarding the hackers trying to exploit the flaws. Cupertino developers patched the two zero-day issues by improving JS checks in JavaScriptCore and state management in WebKit.

The fixes for JavaScriptCore and WebKit are available in the latest versions of macOS Sequoia (15.1.1), iOS (18.1.1), and iPadOS (18.1.1). The patches also rolled out to iOS 17.7.2 and iPadOS 17.7.2. Additional security updates are available for the Safari browser on macOS Ventura, macOS Sonoma, and the Vision Pro mixed reality headset (visionOS 2.1.1).

share Paylaş facebook pinterest whatsapp x print

Similar Content

OpenAI
OpenAI’s newest AI model is switching languages to Chinese and others while reasoning, puzzling users and experts
Donald Trump says Apple boss Tim Cook called him with EU concerns
Donald Trump says Apple boss Tim Cook called him with EU concerns
Pegasus spyware may be more commonplace than we
Pegasus spyware may be more commonplace than we’ve been led to believe
Tech Weekly Roundup: Top 5 News from the Week You Can’t Miss
Tech Weekly Roundup: Top 5 News from the Week You Can’t Miss
Developer creates a subpixel version of Snake that requires a microscope to play
Developer creates a subpixel version of Snake that requires a microscope to play
Messari Report Shows Memecoins Boost Tron's Q3 Revenue to Record $151 Million
Messari Report Shows Memecoins Boost Tron’s Q3 Revenue to Record $151 Million
Flash News Hub | © 2024 | News