Apple Addresses Critical Zero-Day Vulnerabilities Affecting Intel-Based Macs

Apple has addressed two critical zero-day vulnerabilities that were actively exploited by attackers to target Intel-based Macs. The flaws resided in macOS Sequoia’s JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components.

The more severe vulnerability, identified as CVE-2024-44308, could enable attackers to execute malicious code remotely via specially crafted web content. By contrast, the other flaw (CVE-2024-44309) could be leveraged for cross-site scripting (XSS) attacks.

These patches are included in macOS Sequoia 15.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1. Notably, this brings the total number of zero-day vulnerabilities that Apple has patched so far in 2024 to six.

It is crucial for users to update their devices to the latest software versions at the earliest convenience to safeguard themselves from these vulnerabilities. Here’s how to update your Apple device:

• For macOS devices, navigate to System Preferences > Software Update.
• On iPhones and iPads, go to Settings > General > Software Update.

By keeping your software up-to-date, you can ensure that your device is protected against the latest security threats.