Apple fixes 2 Zero-Days exploited to breach MacOS Systems. 
Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities that “may have been actively exploited on Intel-based Mac systems”. As per usual, Apple didn’t share details about the attacks in which patched vulnerabilities are exploited.
[CVE-2024-44309 & CVE-2024-44308]
https://support.apple.com/en-us/121753
#apple #macos #update #it #security #privacy #engineer #media #tech #news![Apple has transitioned to using Intel processors on Macs in June 2006 and stopped shipping them altogether in June 2023, after starting using its own silicon in 2020.
The two vulnerabilities “may have been actively exploited on Intel-based Mac systems”, but it’s unclear at this time whether that means that they can’t be exploited on Apple-based Macs.
[⚠️In any case, all MacOS Sequoia users should update their systems as soon as possible.⚠️]
CVE-2024-44309 affects WebKit, the browser engine used in the Safari web browser and all iOS and iPadOS web browsers, and can be triggered when it’s made to process maliciously crafted web content. It can enable a cross site scripting (XSS) attack.
CVE-2024-44308 affects JavaScriptCore (the built-in JavaScript engine for WebKit) and can likewise be exploited via maliciously crafted web content. It can lead to arbitrary code execution.
<Both vulnerabilities have been reported by security researchers Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG).>](https://friendica-leipzig.de/photo/preview/600/306034 "Apple has transitioned to using Intel processors on Macs in June 2006 and stopped shipping them altogether in June 2023, after starting using its own silicon in 2020.
The two vulnerabilities “may have been actively exploited on Intel-based Mac systems”, but it’s unclear at this time whether that means that they can’t be exploited on Apple-based Macs.
[⚠️In any case, all MacOS Sequoia users should update their systems as soon as possible.⚠️]
CVE-2024-44309 affects WebKit, the browser engine used in the Safari web browser and all iOS and iPadOS web browsers, and can be triggered when it’s made to process maliciously crafted web content. It can enable a cross site scripting (XSS) attack.
CVE-2024-44308 affects JavaScriptCore (the built-in JavaScript engine for WebKit) and can likewise be exploited via maliciously crafted web content. It can lead to arbitrary code execution.
<Both vulnerabilities have been reported by security researchers Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG).>")
Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities that “may have been actively exploited on Intel-based Mac systems”. As per usual, Apple didn’t share details about the attacks in which patched vulnerabilities are exploited.
[CVE-2024-44309 & CVE-2024-44308]
https://support.apple.com/en-us/121753
#apple #macos #update #it #security #privacy #engineer #media #tech #news
![Apple has transitioned to using Intel processors on Macs in June 2006 and stopped shipping them altogether in June 2023, after starting using its own silicon in 2020.
The two vulnerabilities “may have been actively exploited on Intel-based Mac systems”, but it’s unclear at this time whether that means that they can’t be exploited on Apple-based Macs.
[⚠️In any case, all MacOS Sequoia users should update their systems as soon as possible.⚠️]
CVE-2024-44309 affects WebKit, the browser engine used in the Safari web browser and all iOS and iPadOS web browsers, and can be triggered when it’s made to process maliciously crafted web content. It can enable a cross site scripting (XSS) attack.
CVE-2024-44308 affects JavaScriptCore (the built-in JavaScript engine for WebKit) and can likewise be exploited via maliciously crafted web content. It can lead to arbitrary code execution.
<Both vulnerabilities have been reported by security researchers Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG).>](https://nerdculture.de/system/media_attachments/files/113/550/115/235/161/948/original/b9eaecf4b0b1233b.jpeg "Apple has transitioned to using Intel processors on Macs in June 2006 and stopped shipping them altogether in June 2023, after starting using its own silicon in 2020.
The two vulnerabilities “may have been actively exploited on Intel-based Mac systems”, but it’s unclear at this time whether that means that they can’t be exploited on Apple-based Macs.
[⚠️In any case, all MacOS Sequoia users should update their systems as soon as possible.⚠️]
CVE-2024-44309 affects WebKit, the browser engine used in the Safari web browser and all iOS and iPadOS web browsers, and can be triggered when it’s made to process maliciously crafted web content. It can enable a cross site scripting (XSS) attack.
CVE-2024-44308 affects JavaScriptCore (the built-in JavaScript engine for WebKit) and can likewise be exploited via maliciously crafted web content. It can lead to arbitrary code execution.
<Both vulnerabilities have been reported by security researchers Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG).>")
About the security content of macOS Sequoia 15.1.1 - Apple Support
This document describes the security content of macOS Sequoia 15.1.1.Apple Support
