Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Apple Confirms Zero-Day Attacks Hitting macOS Systems

Apple rushes out out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild.

Apple patches vulnerabilities

Apple has rushed out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild.

The vulnerabilities, credited to Google’s TAG (Threat Analysis Group), are being actively exploited on Intel-based macOS systems, Apple confirmed in an advisory released on Tuesday.

As is customary, Apple’s security response team did not provide any details on the reported attacks or indicators of compromise (IOCs) to help defenders hunt for signs of infections.

Raw details on the patched vulnerabilities:

  • CVE-2024-44308 — JavaScriptCore — Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
  • CVE-2024-44309 — WebKit —  Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

The company urged users across the Apple ecosystem to apply the urgent iOS 18.1.1, macOS Sequoia 15.1.1 and the older iOS 17.7.2.

Earlier this month, North Korean cryptocurrency thieves were found once again targeting macOS users with a new malware campaign that uses phishing emails, fake PDF applications, and a novel technique to evade Apple’s security measures.

Related: NotLockBit Ransomware Can Target macOS Devices

Related: Microsoft: macOS Vulnerability Potentially Exploited in Adware Attacks

Related: Apple Patches Over 70 Flaws Across iOS, macOS Devices

Advertisement. Scroll to continue reading.

Related: Apple Opens Private Cloud Compute for Public Security Inspection 

Related: Apple iOS 18.0.1 Patches Password Exposure and Audio Snippet Bugs

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.