Apple launched emergency security updates to repair two zero-day vulnerabilities that had been exploited in assaults on Intel-based Mac methods.
“Apple is conscious of a report that this difficulty could have been exploited,” the corporate stated in an advisory issued on Tuesday.
The 2 bugs had been discovered within the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) elements of macOS.
The JavaScriptCore CVE-2024-44308 flaw permits attackers to attain distant code execution via maliciously crafted internet content material. The opposite flaw, CVE-2024-44309, permits cross-site scripting (CSS) assaults.
The corporate says it addressed the security flaws in macOS Sequoia 15.1.1.
As the identical elements are present in different Apple working methods, it was additionally mounted in iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1.
Whereas Apple says each flaws had been found by Clément Lecigne and Benoît Sevens of Google’s Menace Evaluation Group, the corporate has not offered additional particulars on how they had been exploited.
BleepingComputer contacted Google to find out how the issues had been exploited however was instructed that they don’t have anything extra to share right now.
With these two vulnerabilities, Apple has mounted six zero-days up to now in 2024, with the first in January, two in March, and the fourth in Might.
This quantity is considerably higher than final yr when Apple mounted a complete of 20 zero-day flaws exploited within the wild, together with:
