Skip Navigation

November 20, 2024 |

Apple issues emergency patch for RCE and CSS zero-days

Loading table of contents...

Apple has released emergency security updates to address two critical zero-day vulnerabilities exploited in attacks targeting Intel-based Macs.

The first vulnerability, designated CVE-2024-44308, lies in the macOS Sequoia JavaScriptCore component, and could potentially allow remote code execution (RCE) by not properly validating maliciously crafted web content. The second vulnerability, designated CVE-2024-44309, is a WebKit flaw that could allow cross-site scripting (CSS) attacks.

Blog-ThreatIntel-SignUp

Stay on top of emerging threats.

Sign up to receive a weekly roundup of our security intelligence feed. You'll be the first to know of emerging attack vectors, threats, and vulnerabilities.

Sign up

Both flaws were discovered by Google and subsequently reported to Apple, who patched the flaws in macOS Sequoia version 15.1.1.  Apple has yet to disclose full details of the exploitation to prevent widespread misuse while urging users to install the patches.

Source: Bleeping Computer

Analysis

Critical vulnerabilities in Apple’s WebKit component have a history of being exploited by threat actors. In December 2023, Apple released emergency updates to address two actively exploited zero-day vulnerabilities discovered in the WebKit browser engine used by iPhones, iPads, and MacBooks. In September 2023, Apple released a patch to address another actively exploited vulnerability in WebKit that could lead to code execution while processing web content.

The exploitation of these types of vulnerabilities can be achieved with simple phishing or watering hole attacks, during which threat actors create and deliver content, via email or browser, that contains exploit code. When the malicious content is rendered by Apple WebKit, the exploit is triggered, and the device is compromised.

Given the number of vulnerabilities that continue to be discovered in its WebKit component, which is widely deployed across millions of Apple devices, Apple should examine this feature closely to proactively find these flaws and patch them before they are exploited by threat actors.

Mitigation

Field Effect’s elite team of Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in software such as Apple’s operating systems. Field Effect MDR users are automatically notified if a vulnerable version of MacOS is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Field Effect strongly recommends that impacted users install the patch as soon as possible, in accordance with Apple’s advisory.

Related Articles