Anasayfa » News » Apple fixed two zero-day vulnerabilities weaponized against Intel-based macOS systems

Apple fixed two zero-day vulnerabilities weaponized against Intel-based macOS systems

Apple fixed two zero-day vulnerabilities weaponized against Intel-based macOS systems
You May Be Interested In:The insidious doublespeak of Trump’s freedom of ‘choice’


Facepalm: Google researchers have discovered a couple of zero-day vulnerabilities in Apple’s WebKit components. The flaws have already been patched, but Cupertino strongly urges users to update their systems as soon as possible since it believes hackers are exploiting the security holes in the wild.

Apple found two dangerous vulnerabilities in its operating systems’ JavaScriptCore and WebKit components. The security issues only affect Intel-based systems. However, the security updates apply to all Apple computer platforms.

The first flaw (CVE-2024-44308) impacts the JavaScriptCore framework that provides the JavaScript engine included in WebKit. Maliciously crafted web content could lead to arbitrary code execution. Apple noted that unknown threat actors may have exploited the flaw on Intel-based Mac systems.

The second vulnerability (CVE-2024-44309) affects the WebKit layout engine used by Safari and a few other web browsers. The flaw could allow hackers to develop a cross-site scripting attack targeting Intel Mac systems.

Bad actors looking to crack Apple devices have constantly targeted WebKit as its biggest weakness. Once the web browser is compromised, hackers can push their attack further into the system for various purposes, including weaponizing iPhones, stealing user data, and eavesdropping on communications between susceptible targets.

Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group, a security team created to counter government-backed hacking activities, discovered the flaws. Apple devices are often one of the main focuses of commercial spyware platforms, which are known for making a business out of researching and exploiting unknown vulnerabilities for their customers.

Apple hasn’t provided specific details regarding the hackers trying to exploit the flaws. Cupertino developers patched the two zero-day issues by improving JS checks in JavaScriptCore and state management in WebKit.

The fixes for JavaScriptCore and WebKit are available in the latest versions of macOS Sequoia (15.1.1), iOS (18.1.1), and iPadOS (18.1.1). The patches also rolled out to iOS 17.7.2 and iPadOS 17.7.2. Additional security updates are available for the Safari browser on macOS Ventura, macOS Sonoma, and the Vision Pro mixed reality headset (visionOS 2.1.1).

share Paylaş facebook pinterest whatsapp x print

Similar Content

Nintendo Switch 2 officially announced, with more details set for April 2
Nintendo Switch 2 officially announced, with more details set for April 2 January 16, 2025
Microsoft Office apps will soon preload on Windows boot for faster launch
Microsoft Office apps will soon preload on Windows boot for faster launch March 29, 2025
Expert defends anti-AI misinformation law using chatbot-written misinformation
Expert defends anti-AI misinformation law using chatbot-written misinformation November 21, 2024
Datacentre construction: Worker shortage hampers boom
Datacentre construction: Worker shortage hampers boom September 30, 2024
Nvidia
Nvidia’s Fugatto AI sound model claims to transform audio production November 26, 2024
Biological computing offers path to drastically reduced energy consumption for digital processing
Biological computing offers path to drastically reduced energy consumption for digital processing December 26, 2024
Flash News Hub | © 2024 | News