🚀 Limited Time Offer: Get your first pentest for just $1299! Trusted by 300+ customers. Get Started

Apple Issues Critical Updates to Address Active Zero-Day Threats

Apple Issues Critical Updates to Address Active Zero-Day Threats

Apple has released essential security updates to patch two zero-day vulnerabilities currently being exploited in the wild. These updates span iOS, iPadOS, macOS, visionOS, and Safari, emphasizing the urgency for users to update their devices promptly.

The Vulnerabilities

  1. CVE-2024-44308

    • Details: A flaw in JavaScriptCore that could enable attackers to execute arbitrary code by luring users into visiting malicious web pages.

  2. CVE-2024-44309

    • Details: A WebKit cookie handling vulnerability that could result in cross-site scripting (XSS) attacks via crafted web content.

How Apple addressed the vulnerabilities - CVE-2024-44308 and CVE-2024-44309

Apple addressed these vulnerabilities with targeted fixes: enhanced validation for CVE-2024-44308 and improved cookie state management for CVE-2024-44309. While exact details of how these vulnerabilities were exploited remain undisclosed, Apple noted that Intel-based Mac systems may have been particularly affected.

Who discoverd the vulnerabilities?

These vulnerabilities were discovered by Clément Lecigne and Benoît Sevens from Google’s Threat Analysis Group (TAG). Their findings suggest that the flaws might have been used in highly targeted attacks, possibly linked to state-sponsored or spyware operations.

Devices Requiring Updates

The updates are available for the following devices and operating systems:

  • iOS 18.1.1 & iPadOS 18.1.1

    • iPhone XS and later, various iPad Pro, Air, and mini models.

  • iOS 17.7.2 & iPadOS 17.7.2

    • Similar compatibility as iOS 18 but supports older generations of iPads.

  • macOS Sequoia 15.1.1

    • Applies to Macs running macOS Sequoia.

  • visionOS 2.1.1

    • Relevant for Apple Vision Pro users.

  • Safari 18.1.1

    • Available for macOS Ventura and macOS Sonoma.

This year, Apple has already patched four zero-day vulnerabilities, including one showcased at Pwn2Own Vancouver. These continuous discoveries highlight the need for vigilance, as even widely trusted platforms are not immune to exploitation.

Action Steps

Pentestlive urges all users to update their devices immediately. These updates are not just optional upgrades—they’re crucial for staying protected against real-world threats.

Get started with your penetration testing with PentestLive. PentestLive is one of it’s kind Penetration Testing As A Service Platform that provides easy to use dashboard and ultimate asset visibility which are part of the penetration test.

Ready to Secure Your Digital Assets?

Don't wait for a breach to happen. Our expert penetration testing services can help you identify and address vulnerabilities before attackers do. Get started with PentestLive today and take your cybersecurity to the next level.

Request a Demo →