Apple Security Update, Patch for Multiple Zero-Day Vulnerabilities
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Apple has issued an important security update for macOS Sequoia 15.1.1, addressing several zero-day vulnerabilities that have been actively exploited in the wild.
These patches protect Apple users, particularly those with Intel-based Mac systems, from potential security breaches.
The update fixes two significant vulnerabilities inJavaScriptCoreandWebKit, which are integral components of Apple’s Safari browser and other applications that render web content.
JavaScriptCore Vulnerability (CVE-2024-44308)
The first issue, CVE-2024-44308 lies withinJavaScriptCore, the engine responsible for executing JavaScript code on web pages.
Apple warns that processing maliciously crafted web content could allow an attacker to execute arbitrary code on the targeted device.
According to Apple, this flaw has been actively exploited, primarily on Intel-based Macs, and could potentially allow hackers to take control of affected systems.
The issue, reported by Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group, was addressed with improved validation and checks.
Given its serious nature, users are strongly urged to update their systems to prevent any unauthorized access.
WebKit Vulnerability (CVE-2024-44309)
The second zero-day vulnerability, CVE-2024-44309 also reported by the same researchers, exists withinWebKit, the engine used by Safari and other Apple applications to display web content.
This bug involves improper cookie management, which could allow malicious actors to execute cross-site scripting (XSS) attacks—potentially compromising sensitive user data or enabling unauthorized actions on affected devices.
Apple has resolved this issue through improved state management.
Apple has not provided specific details about how these flaws were being exploited to protect its users while they apply the patches.
However, the company stresses the importance of updating tomacOS Sequoia 15.1.1immediately to safeguard against these vulnerabilities.
#Apple #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Apple Security Update, Patch for Multiple Zero-Day Vulnerabilities
Author: DhivyaApple has issued an important security update for macOS Sequoia 15.1.1, addressing several zero-day vulnerabilities that have been actively exploited in the wild.
These patches protect Apple users, particularly those with Intel-based Mac systems, from potential security breaches.
The update fixes two significant vulnerabilities inJavaScriptCoreandWebKit, which are integral components of Apple’s Safari browser and other applications that render web content.
JavaScriptCore Vulnerability (CVE-2024-44308)
The first issue, CVE-2024-44308 lies withinJavaScriptCore, the engine responsible for executing JavaScript code on web pages.
Apple warns that processing maliciously crafted web content could allow an attacker to execute arbitrary code on the targeted device.
According to Apple, this flaw has been actively exploited, primarily on Intel-based Macs, and could potentially allow hackers to take control of affected systems.
The issue, reported by Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group, was addressed with improved validation and checks.
Given its serious nature, users are strongly urged to update their systems to prevent any unauthorized access.
WebKit Vulnerability (CVE-2024-44309)
The second zero-day vulnerability, CVE-2024-44309 also reported by the same researchers, exists withinWebKit, the engine used by Safari and other Apple applications to display web content.
This bug involves improper cookie management, which could allow malicious actors to execute cross-site scripting (XSS) attacks—potentially compromising sensitive user data or enabling unauthorized actions on affected devices.
Apple has resolved this issue through improved state management.
Apple has not provided specific details about how these flaws were being exploited to protect its users while they apply the patches.
However, the company stresses the importance of updating tomacOS Sequoia 15.1.1immediately to safeguard against these vulnerabilities.
#Apple #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
