Two Apple Flaws Used in Attacks on Intel-Based Macs

Apple has rushed out emergency patches for two zero-day flaws in Macs, iPhones and iPads.

Apple on Tuesday hurried out emergency updates for two vulnerabilities (CVE-2024-44308 and CVE-2024-44309) that have been exploited on Intel-based Macs. The flaws impact various versions of Macs, iPhones and iPads.

Key Details:

  • One flaw (CVE-2024-44308) exists in JavaScriptCore, which is the JavaScript engine for WebKit

  • If the flaw is successfully exploited via processing maliciously crafted web content, it could allow arbitrary code execution. Apple said it fixed the flaw with improved checks

  • A second flaw (CVE-2024-44309) exists in WebKit, the web browser engine developed by Apple and used by Safari, Mail, App Store, and many other apps

  • The flaw is described as a cookie management issue where the processing of maliciously crafted web content could allow a cross-site scripting attack. Apple said it has been fixed with improved state management

Vendor Reaction: For both flaws, “Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems,” according to its advisories. Apple released the following security updates that address these flaws: macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, visionOS 2.1.1 and Safari 18.1.1.

Why It Matters: Apple didn’t disclose further details of the exploitation activity, but the vulnerabilities were discovered by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group, a team that is known for tracking advanced persistent threat groups, targeted surveillance campaigns and more. The fact that one of the flaws exists in WebKit, which has been previously targeted by attackers, and that the vulnerabilities have already been used in attacks are indications that users should update their Macs, iPhones and iPads as soon as they can.