Apple Fixes Actively Exploited Zero-Days Immediately

Although little information is available about the vulnerabilities, Apple did report that attackers have targeted Intel-based Mac devices in an attempt to exploit CVE-2024-44308 and CVE-2024-44309.


Apple has released security updates to address two zero-day vulnerabilities that are under active exploitation in the wild.

The bugs, tracked as CVE-2024-44308 (CVSS 6.8) and CVE-2024-44309 (CVSS 4.3), are, respectively, a vulnerability in JavaScriptCore that could lead to arbitrary code execution and a cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack while processing malicious Web content.

The bugs affect Apple's iOS, iPadOS, macOS, visionOS, and the Safari Web browser; the company reports that it has addressed them with better checks and improved state management.
