Apple Confirms Zero-Day Vulnerabilities Exploited in macOS Systems

Apple Urgently Patches Exploited Vulnerabilities in macOS and iOS

Apple has rolled out critical macOS and iOS security updates to address two actively exploited vulnerabilities.

The flaws, identified by Google’s Threat Analysis Group (TAG), are being exploited on Intel-based macOS systems, according to an advisory released by Apple on Tuesday.

As is standard practice, Apple did not disclose specific details about the attacks or provide indicators of compromise (IOCs) to assist defenders in detecting potential infections.

Details of the Patched Vulnerabilities:

CVE-2024-44308 — JavaScriptCore: Exploitation via maliciously crafted web content can result in arbitrary code execution. Apple confirmed reports of active exploitation on Intel-based Mac systems.

CVE-2024-44309 — WebKit: Exploitation via maliciously crafted web content can lead to cross-site scripting attacks. This vulnerability has also been reported as actively exploited on Intel-based Mac systems.

Apple strongly advises users to install the urgent updates: iOS 18.1.1, macOS Sequoia 15.1.1, and iOS 17.7.2 for older devices.

This security update follows reports earlier this month of North Korean cybercriminals targeting macOS users with phishing emails, fake PDF applications, and advanced techniques to bypass Apple’s defenses, all in pursuit of cryptocurrency theft.