Yesterday [November 19, 2024], Apple issued an emergency security update to all its users after hackers targeted the tech giant’s Intel-based Mac systems.
Apple confirmed in a security advisory statement that it was aware of 2 critical vulnerabilities in the Mac system, which malicious actors could have exploited.
To patch the 2 critical zero-day vulnerabilities, Apple recommends updating to the latest macOS version. The tech giant fixed a pair of security bugs used in active cyberattacks targeting Mac users.
TechCrunch says the bugs are considered “zero-day” vulnerabilities because they were unknown to Apple at the time they were exploited.
The vulnerabilities were exploited by cyber threat actors via malicious web content and cross-site scripting attacks.
System Updates to Protect Mac Systems
Apple has now released new security updates for macOS, iOS, iPadOS, and visionOS to tackle the vulnerabilities in iOS 17 software.
The vulnerabilities were identified in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components.
According to Apple, the impact on JavaScriptCore was related to processing maliciously crafted web content that may lead to arbitrary code execution.
The WebKit vulnerability could lead to cross-site scripting attacks when processing malicious web content.
“Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems,” the company stated.
This issue was further addressed with improved checks.
“A cookie management issue was addressed with improved state management,” noted the tech giant.
No additional details were provided regarding the exploitation of Mac systems. However, Apple acknowledged that both flaws were discovered by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group.
Addressing Zero-Day Vulnerabilities
In 2024 alone, Apple has already addressed a total of six zero-day vulnerabilities that could have been exploited by hackers to compromise user devices. The first flaw was fixed in January, two more in March, and another in May.
Earlier this year, Apple faced a series of cyberattacks involving mercenary spyware. Many Apple users worldwide were targeted, allowing hackers to remotely compromise their iPhones.
EM360Tech reported that Apple sent out an email notification to users in 92 countries saying hackers have tried to "remotely compromise the iPhone" on multiple occasions, warning users to enter "lockdown mode" to keep their devices secure.
"Apple detected that you are being targeted by a mercenary spyware attack," the email stated, "this attack is likely targeting you specifically because of who you are or what you do."
"If your device is compromised by a targeted mercenary spyware attack, the attacker may be able to remotely access your sensitive data, communications, or even the camera and microphone," the email continued.
Apple tackled the issues and recommended that all users immediately update their iOS devices. This ensures users have the most recent security patches to combat new threats.