Apple Patches Two Zero-Day Attack Vectors

Check out our latest products

Added to wishlistRemoved from wishlist 0
Add to compare
(2-Way Audio & PIR Detection) Dual Antennas Outdoor Wireless Security Camera System 5.5MP Wi-Fi Video Surveillance
Added to wishlistRemoved from wishlist 0
Add to compare
$399.99
Added to wishlistRemoved from wishlist 0
Add to compare
2 | FPV Goggles for All Camera Drones | Unibody Lens | HD FPV Goggles | Compatible Versatile Skyview FPV Drone Goggles | Clear Immersive View | All GPS Camera Drone
Added to wishlistRemoved from wishlist 0
Add to compare
$179.00

Apple’s latest security updates for iOS, macOS, Safari, visionOS, and iPadOS contained brief but critical disclosures of two actively exploited vulnerabilities.

The tech giant said Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group discovered the vulnerabilities. NIST lists the vulnerabilities as CVE-2024-44308 and CVE-2024-44309.

What are the vulnerabilities Apple patched?

Apple didn’t disclose much information about the exploitation or what attackers might have done using these vulnerabilities. However, the Threat Analysis Group works specifically on “government-backed hacking and attacks against Google and our users,” so it’s possible these vulnerabilities were used in well-funded attacks against specific targets.

SEE: Want to accept Apple Pay at your business? See how with our guide.

With CVE-2024-44308, attackers could create malicious web content, leading to arbitrary code execution. Apple detected this exploit possibly in use on Intel-based Mac systems — unlike those systems using Apple’s own M chips, which have been the standard since 2023. Apple put improved checks in place to prevent this issue.

CVE-2024-44309 has been exploited similarly and applies to Intel-based Macs, but the fix was different. Apple said its team addressed a cookie management issue by improving state management.

The affected operating systems are:

  • Safari 18.1.1
  • iOS 17.7.2
  • iPadOS 17.7.2
  • macOS Sequoia 15.1.1
  • iOS 18.1.1
  • iPadOS 18.1.1
  • visionOS 2.1.1

Apple faced four zero-day vulnerabilities earlier in 2024

In addition to the latest exploitations, Apple disclosed four zero-day vulnerabilities this year, all of which it patched:

  • CVE-2024-27834, a bypass around pointer authentication.
  • CVE-2024-23222, an arbitrary code execution vulnerability.
  • CVE-2024-23225, a memory corruption problem.
  • CVE-2024-23296, another memory corruption problem.

Apple devices have a reputation for being secure against viruses and malware, in part because of Apple’s tight hold over its App Store ecosystem. However, that doesn’t mean these devices are impervious to all attacks. According to multiple reports, threat actors are increasing efforts to breach macOS, especially with infostealers and trojans.

In April, Apple notified select users that their iPhones had been compromised by “a mercenary spyware attack,” in a case of threat actors targeting specific people. Other vulnerabilities may arise in hardware, such as the GoFetch vulnerability that popped up in Apple’s M-series chips early this year.

Keep up cybersecurity best practices

Zero-day disclosures are good opportunities for IT teams to remind users to keep up with operating system updates and to follow company security guidelines. Strong passwords or two-factor authentication can make a big difference. Many cybersecurity best practices apply across operating systems, including Apple’s.


Added to wishlistRemoved from wishlist 0
Add to compare
’47 MLB Mens Men’s Brand Clean Up Cap One-Size
Added to wishlistRemoved from wishlist 0
Add to compare
$29.95
Added to wishlistRemoved from wishlist 0
Add to compare
(2-Way Audio & PIR Detection) Dual Antennas Outdoor Wireless Security Camera System 5.5MP Wi-Fi Video Surveillance
Added to wishlistRemoved from wishlist 0
Add to compare
$399.99
Added to wishlistRemoved from wishlist 0
Add to compare
[3 Pack] Sport Bands Compatible with Fitbit Charge 5 Bands Women Men, Adjustable Soft Silicone Charge 5 Wristband Strap for Fitbit Charge 5, Large
Added to wishlistRemoved from wishlist 0
Add to compare
$9.99
Added to wishlistRemoved from wishlist 0
Add to compare
[3 Pack] Sport Bands Compatible with Fitbit Charge 5 Bands Women Men, Adjustable Soft Silicone Charge 5 Wristband Strap for Fitbit Charge 5, Small
Added to wishlistRemoved from wishlist 0
Add to compare
$9.99

We will be happy to hear your thoughts

Leave a reply

Best Deals for all new
Logo
Compare items
  • Total (0)
Compare
0
Shopping cart