Apple Releases Security Updates for Multiple Products

Multiple vulnerabilities affect macOS Sequoia, iOS, iPadOS, Safari, and visionOS

Threat ID:: CC-4579
Threat Severity:: Medium
Published:: 20 November 2024 4:15 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Multiple vulnerabilities affect macOS Sequoia, iOS, iPadOS, Safari, and visionOS

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 18.1.1

Safari

Versions: all prior to 18.1.1, all prior to 17.7.2

iOS

Versions: all prior to 18.1.1, all prior to 17.7.2

iPadOS

Versions: all prior to 15.1.1

macOS Sequoia

Versions: all prior to 2.1.1

visionOS

Threat details

Exploitation

Apple reports that CVE-2024-44308 and CVE-2024-44309 may have been actively exploited on Intel-based mac systems.

Introduction

Apple has released security updates to address two vulnerabilities in multiple Apple products.

The vulnerability CVE-2024-44308 is a weakness in JavaScriptCore when processing of maliciously crafted web content. Successful exploitation by an attacker could cause arbitrary code execution.

The second vulnerability CVE-2024-44309 is a vulnerability that impacts cookie management in WebKit that can may lead to a cross-site scripting attack during the processing of maliciously crafted web content.

Remediation advice

Affected organisations are encouraged to review Apple security releases and apply the relevant updates.

Remediation steps

Type	Step
Patch	Safari 18.1.1 \| 121756 https://support.apple.com/en-us/121756
Patch	visionOS 2.1.1 \| 121755 https://support.apple.com/en-us/121755
Patch	iOS 18.1.1 and iPadOS 18.1.1 \| 121752 https://support.apple.com/en-us/121752
Patch	iOS 17.7.2 and iPadOS 17.7.2 \| 121754 https://support.apple.com/en-us/121754
Patch	macOS Sequoia 15.1.1 \| 121753 https://support.apple.com/en-us/121753

Definitive source of threat updates

https://support.apple.com/en-us/100100

CVE Vulnerabilities

Status Published

CVE-2024-44308

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Status Published

CVE-2024-44309

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Last edited: 20 November 2024 4:15 pm