Apple says Mac users are being targeted by dangerous zero-day attacks, so update now

A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
(Image credit: Getty Images)

  • Apple has issued a patch to a number of its operating systems
  • The patch addresses two critical vulnerabilities in JavaScriptCore and WebKit
  • Users should install the patches immediately

Apple has issued a patch for macOS following the exposure of two critical zero-day vulnerabilities found in the software.

The macOS Sequoia 15.1.1 update looks to mitigate a vulnerability in JavaScriptCore that would allow attackers to create malicious web content that could result in arbitrary code execution.

A second vulnerability found in WebKit would allow attackers to also use malicious web content for cross site scripting attacks, with Apple stating for both vulnerabilities, it is “aware of a report that this issue may have been actively exploited on Intel-based Mac systems.”

Patch now, warns Apple

While the vulnerability may have only been potentially exploited on Intel-based Mac systems, Apple has also issued patches across its range of operating systems, including Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1. The JavaScriptCore and WebKit vulnerabilies could allow attackers to compromise vulnerable devices and steal data or install malware.

The vulnerabilities are tracked as CVE-2024-44308 and CVE-2024-44309, and have not yet received a severity score from NVD. However, due to the nature of the vulnerabilities and the fact that they were previously unknown to Apple, they are likely to be deemed critical and users should apply patches immediately.

The vulnerabilities were discovered by Google’s Threat Analysis Group which typically deals with state-sponsored threats, suggesting that a government or state-sponsored actor was responsible for the exploitation of the vulnerabilities.

Mac users can apply the patch by searching for updates in the usual manner by using the Apple menu to navigate to System Settings > General > and then clicking Software Update. iPhone users can apply the patch by navigating to Settings > General > and then clicking Software Update. Be aware that older devices that use older operating systems may not have a patch available.

Via TechCrunch

You might also like

TOPICS
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Apple's new "Share Item Location" feature for AirTags.
Apple security alert - zero-day patched, so update your devices now
Apple Siri
Update your Apple device now: iOS 18.3.2 fixes a flaw that could be exploited by hackers
An iPhone with a 10:30am alarm ringing next to an Apple Watch that displays the time as 12:42pm
Apple warns "extremely sophisticated attack" hits iPhones and iPads, so update now
Security
Microsoft reveals more on a potentially major Apple macOS security flaw
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
Latest in Pro
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Racks of servers inside a data center.
Modernizing data centers: an efficient path forward
Dr. Peter Zhou, President of Huawei Data Storage Product Line
Why AI commonization is so important for business intelligent transformation and what Huawei’s data storage has to offer
Wix automation
The world's leading website builder aims to save businesses time with new tool
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Latest in News
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before