Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Benedict Collins

Apple says Mac users are being targeted by dangerous zero-day attacks, so update now

A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

  • Apple has issued a patch to a number of its operating systems
  • The patch addresses two critical vulnerabilities in JavaScriptCore and WebKit
  • Users should install the patches immediately

Apple has issued a patch for macOS following the exposure of two critical zero-day vulnerabilities found in the software.

The macOS Sequoia 15.1.1 update looks to mitigate a vulnerability in JavaScriptCore that would allow attackers to create malicious web content that could result in arbitrary code execution.

A second vulnerability found in WebKit would allow attackers to also use malicious web content for cross site scripting attacks, with Apple stating for both vulnerabilities, it is “aware of a report that this issue may have been actively exploited on Intel-based Mac systems.”

Patch now, warns Apple

While the vulnerability may have only been potentially exploited on Intel-based Mac systems, Apple has also issued patches across its range of operating systems, including Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1. The JavaScriptCore and WebKit vulnerabilies could allow attackers to compromise vulnerable devices and steal data or install malware.

The vulnerabilities are tracked as CVE-2024-44308 and CVE-2024-44309, and have not yet received a severity score from NVD. However, due to the nature of the vulnerabilities and the fact that they were previously unknown to Apple, they are likely to be deemed critical and users should apply patches immediately.

The vulnerabilities were discovered by Google’s Threat Analysis Group which typically deals with state-sponsored threats, suggesting that a government or state-sponsored actor was responsible for the exploitation of the vulnerabilities.

Mac users can apply the patch by searching for updates in the usual manner by using the Apple menu to navigate to System Settings > General > and then clicking Software Update. iPhone users can apply the patch by navigating to Settings > General > and then clicking Software Update. Be aware that older devices that use older operating systems may not have a patch available.

Via TechCrunch

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.