Apple has recently rushed out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild. Apple noted that the vulnerabilities are being actively exploited on Intel-based macOS systems. The vulnerabilities patched include CVE-2024-44308 and CVE-2024-44309. Apple said CVE-2024-44308 affects JavaScriptCore, and processing maliciously crafted web content may lead to arbitrary code execution. CVE-2024-44309 affects WebKit, and Apple says that processing maliciously crafted web content may lead to a cross site scripting attack. Apple is urging users across the Apple ecosystem to update their systems to iOS 18.1.1, macOS Sequoia 15.1.1, and the older iOS 17.7.2 to address the vulnerabilities.
SecurityWeek reports: "Apple Confirms Zero-Day Attacks Hitting macOS Systems"