News around the world of cybersecurity never stops emerging. Malicious third parties constantly target both regular people and prominent organizations, depending on what they’re after. For the latter, they often resort to complex methods based on very specific vulnerabilities that not even the manufacturer of the compromised tech product or software is aware of. That’s what happened with Apple, which is sending out a zero-day patch to multiple devices.
Zero-day vulnerabilities are those that device manufacturers are not aware of. However, potential attackers could discover and actively exploit them while they’re available. While Apple is one of the companies that takes the most care of its users’ security and privacy, it is not free from occasional incidents.
Zero-day vulnerability in Apple devices addressed with a patch
Today, Apple has sent out emergency updates with a zero-day patch for several devices The addressed vulnerabilities are CVE-2024-44308 and CVE-2024-44309. The former allowed arbitrary code execution when visiting certain malicious websites, while the latter took advantage of WebKit to trigger a cross-site scripting (XSS) attack.
Apple has disclosed both vulnerabilities, revealing that they “may have been actively exploited on Intel-based Mac systems.” However, the company has not provided specific details about the exploit methods or the targets of the attacks. The patch is available now on multiple devices. The software versions that include it are iOS 18.1.1/iPadOS 18.1.1, iOS 17.7.2/iPadOS 17.7.2, macOS Sequoia 15.1.1, and visionOS 2.1.1. Safari is also receiving the 18.1.1 update with the patch.
According to the report, Clément Lecigne and Benoît Sevens, members of Google’s Threat Analysis Group (TAG), detected the vulnerabilities. This suggests that attackers could have used them to try to breach high-level targets. This includes prominent politicians or representatives relevant to national security. Rival governments may have financed such attacks.
This is not the first zero-day vulnerability that Apple has had to fix this year. The company has addressed a total of four zero-day software incidents throughout 2024.