Apple Releases Patches For Zero-Day Vulnerabilities, Weaponized Threat

Apple has issued patches for two critical zero-day vulnerabilities actively exploited by threat actors. These flaws allow attackers to leverage malicious web content to execute arbitrary code and carry out cross-site scripting (XSS) attacks.

The critical security patches include updates for iOS, iPadOS, macOS, visionOS, and Apple's Safari web browser.

Details of the Vulnerabilities

  1. CVE-2024-44308 (CVSS score: 8.8): A flaw in JavaScriptCore that allows arbitrary code execution when processing malicious web content.
  2. CVE-2024-44309 (CVSS score: 6.1): A cookie management issue in WebKit that enables cross-site scripting (XSS) attacks when handling malicious web content.

Impacted Systems

  1. iOS 18.1.1 and iPadOS 18.1.1: Compatible with iPhone XS and later models, iPad Pro (13-inch, 12.9-inch 3rd gen and later, 11-inch 1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), and iPad mini (5th gen and later).
  2. iOS 17.7.2 and iPadOS 17.7.2: Compatible with iPhone XS and later models, iPad Pro (13-inch, 12.9-inch 2nd gen and later, 10.5-inch, 11-inch 1st gen and later), iPad Air (3rd gen and later), iPad (6th gen and later), and iPad mini (5th gen and later).
  3. macOS Sequoia 15.1.1: For Macs running macOS Sequoia.
  4. visionOS 2.1.1: For Apple Vision Pro.
  5. Safari 18.1.1: Available for Macs running macOS Ventura and macOS Sonoma.

Recommendations

Users are strongly encouraged to update quickly to protect against potential threats posed by these vulnerabilities.
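
One way to check a device inventory against the releases listed above is sketched below. This is an added example, not code from Apple or from this article's author. The `host,product,version` CSV layout, the host names and the three status labels are assumptions, as is the rule that a version at or above the listed release on the same major branch carries the fix.

```python
import csv
import io

# Fixed releases exactly as listed in the article, keyed by (product, major version).
FIXED = {
    ("ios", 18): (18, 1, 1), ("ios", 17): (17, 7, 2),
    ("ipados", 18): (18, 1, 1), ("ipados", 17): (17, 7, 2),
    ("macos", 15): (15, 1, 1),
    ("visionos", 2): (2, 1, 1),
    ("safari", 18): (18, 1, 1),
}

def parse_version(text):
    """Turn '18.1' into (18, 1, 0) so that 18.1 sorts below 18.1.1."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(product, version):
    """Return 'patched', 'needs-update' or 'review' for one installed version."""
    try:
        installed = parse_version(version)
    except ValueError:
        return "review"          # beta strings, empty fields, other unparsable values
    fixed = FIXED.get((product.strip().lower(), installed[0]))
    if fixed is None:
        return "review"          # branch not listed in the article: check by hand
    return "patched" if installed >= fixed else "needs-update"

def triage(inventory_csv):
    """Group the hosts of a 'host,product,version' CSV export by status."""
    result = {"patched": [], "needs-update": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[assess(row["product"], row["version"])].append(row["host"])
    return result

# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE = """host,product,version
iphone-01,iOS,18.1
iphone-02,iOS,17.7.2
ipad-07,iPadOS,18.1.1
mac-12,macOS,15.1
mac-13,Safari,18.1.1
mac-14,Safari,17.6
avp-01,visionOS,2.1
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:13} {', '.join(hosts)}")
```

Hosts that land in `review` are on a branch the list above does not mention (for example Safari 17.x) or report a version string that cannot be parsed, so they need a manual check rather than an automatic verdict.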

 


Syxsense: Your Partner in Automated Patch Management

Syxsense can improve your security with automated patch management. You can identify and prioritize missing or critical patches across your OS and software applications, and deploy them automatically. Take a more proactive approach to your patching strategy with Syxsense. Contact Syxsense today to learn how we can help you safeguard your critical assets.