Apple released emergency security updates to eliminate two zero-vulnerabilities used in attacks on systems with Intel processors.
Updates correct the errors found in the components of MacOS Sequoia JavaScriptcore and Webkit:
- CVE-2024-44308 (CVSS: 6.8)-vulnerability to MacOS Sequoia JavaScriptcore, which can lead to an arbitrary code (Remote Code Execution, RCE) when processing malicious web content.
- cve-2024-44309 (CVSS: 4.3)-COOKIE contaminability COOKIE -Fails in Webkit, which can lead to an attack using intersight scripting (Cross-Site Scripting, XSS) when processing malicious web content.
Apple said that she eliminated the vulnerability data, improving the verification and state management, respectively. Additional details about the methods of operation of deficiencies have not yet been provided.
The disadvantages were eliminated in updating macos sequoia 15.1.1. Similar components. Corrections are included in the version ios 17.7.2 and iPados 17.7.2, as well as IOS 18.1.1, iPados 18.1.1 and Visionos 2.1.1.
This year, Apple has already eliminated 6 zero -day vulnerabilities. For comparison, 20 such vulnerabilities have been corrected over the past year. Experts recommend that all users update their devices until the latest versions of operating systems to protect against possible attacks.
In September, Apple released a new version of the operating system for computers – MacOS 15, known as Sequoia. However, immediately after the release, it became known that the system causes problems in