Apple has released several major security updates, including iOS and iPadOS 17.7.2, iOS and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1, and more.
Addressing two critical vulnerabilities that could allow attackers to remotely compromise a user’s device, Apple has shared that the vulnerabilities may have been actively exploited on Intel-based Mac systems, but Apple security expert, Michael Covington, vice president of Portfolio Strategy at Jamf, is urging all users to update any device that is at risk.
“Apple’s iOS 18.1.1 and iPadOS 18.1.1 include two important security fixes to bugs that could allow attackers to remotely compromise a user’s devices,” he says. “While Apple has warned that the vulnerabilities, also present in macOS, may be actively exploited on Intel-based systems, we recommend updating any device that is at risk.”
CVE-2024-44308 is a vulnerability in JavaScriptCore, a framework for running JavaScript code in apps and web browsers. It allows attackers to compromise the device when malicious code is injected in the web content.
CVE-2024-44309 is a flaw found in WebKit that enables cross-site scripting attacks by exploiting how cookies are managed. Vulnerabilities in WebKit are important to patch quickly, as it is the framework that powers Safari, and also presents other web-based content to users.
“The fixes provided by Apple introduce stronger checks to detect and prevent malicious activity, as well as improve how devices manage and track data during web browsing,” says Covington. “With attackers potentially exploiting both vulnerabilities, it is critical that users and mobile-first organizations apply the latest patches as soon as they are able.”
