Apple has released emergency security updates to address two critical zero-day vulnerabilities exploited in attacks targeting Intel-based Macs.
The first vulnerability, designated CVE-2024-44308, lies in the macOS Sequoia JavaScriptCore component and could allow remote code execution (RCE) because maliciously crafted web content is not properly validated. The second vulnerability, designated CVE-2024-44309, is a WebKit flaw that could allow cross-site scripting (XSS) attacks.
Both flaws were discovered by Google and subsequently reported to Apple, which patched them in macOS Sequoia version 15.1.1. To prevent widespread misuse, Apple has yet to disclose full details of the exploitation, while urging users to install the patches.
Source: Bleeping Computer
Analysis
Critical vulnerabilities in Apple’s WebKit component have a history of being exploited by threat actors. In December 2023, Apple released emergency updates to address two actively exploited zero-day vulnerabilities discovered in the WebKit browser engine used by iPhones, iPads, and MacBooks. In September 2023, Apple released a patch to address another actively exploited vulnerability in WebKit that could lead to code execution while processing web content.
The exploitation of these types of vulnerabilities can be achieved with simple phishing or watering hole attacks, during which threat actors create and deliver content, via email or browser, that contains exploit code. When the malicious content is rendered by Apple WebKit, the exploit is triggered, and the device is compromised.
Given the number of vulnerabilities that continue to be discovered in its WebKit component, which is widely deployed across millions of Apple devices, Apple should examine this feature closely to proactively find these flaws and patch them before they are exploited by threat actors.
Mitigation
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software such as Apple’s operating systems. Field Effect MDR users are automatically notified if a vulnerable version of macOS is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly recommends that impacted users install the patch as soon as possible, in accordance with Apple’s advisory.