Apple has issued emergency patches to address two zero-day vulnerabilities that were actively exploited in attacks targeting Intel-based Mac systems. The vulnerabilities, tracked as CVE-2024-44308 and CVE-2024-44309, were found in the macOS Sequoia JavaScriptCore and WebKit components.

The flaws, which could allow attackers to execute malicious code and conduct cross-site scripting (XSS) attacks, were resolved in the latest macOS Sequoia 15.1.1 update. To safeguard users of other Apple devices, the security fixes have also been applied to iOS 17.7.2 and iPadOS 17.7.2, as well as iOS 18.1.1, iPadOS 18.1.1, and visionOS 2.1.1.

Apple credited the discovery of both vulnerabilities to Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group. However, the company did not disclose specific details about how these exploits were leveraged in real-world attacks. BleepingComputer reported that efforts to obtain further details from Google yielded no additional information.

The CVE-2024-44308 vulnerability in JavaScriptCore enables attackers to achieve remote code execution through maliciously crafted web content, while the CVE-2024-44309 vulnerability in WebKit enables cross-site scripting (XSS) attacks. These components are integral to Apple’s operating systems, underscoring the widespread impact of the flaws.

“Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems,” said the Cupertino-based technology giant.

The company has resolved six zero-day vulnerabilities so far this year with its latest patches. This represents a significant decrease compared to the 20 zero-day exploits it had addressed in 2023. Last year’s fixes spanned several months, with September seeing the highest concentration of critical patches.

Oracle and Palo Alto Networks also act against zero-day vulnerabilities

In a parallel development, Oracle has patched a critical zero-day vulnerability, CVE-2024-21287, in its Agile Product Lifecycle Management (PLM) platform. The flaw, which allows unauthenticated attackers to exploit the system remotely and access sensitive files, has been actively used in attacks. Oracle strongly urged its Agile PLM customers to apply the latest updates to prevent further exploitation.

“This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in file disclosure,” said Oracle.

Oracle’s flaw was disclosed by Joel Snape and Lutz Wolf of CrowdStrike.

Meanwhile, this week, Palo Alto Networks also released updates addressing two actively exploited zero-day vulnerabilities in its next-generation firewalls. The flaws, tracked as CVE-2024-0012 and CVE-2024-9474, pose significant risks to devices exposed to the internet, with exploitation occurring through the PAN-OS management web interface.
