Apple - Critical Patch for Actively Exploited Zero-Day Vulnerabilities
Date of Publish: 20th-Nov-24
Severity: Critical
Affected System
- iOS, iPadOS, macOS, visionOS, and Safari web browser
Summary
Two zero-day vulnerabilities have been found in various Apple products that may result in remote code execution.
Description
- CVE-2024-44308 – A vulnerability is reported in JavaScriptCore when processing malicious web content that could lead to arbitrary code execution.
- CVE-2024-44309 – A cookie management vulnerability is reported in WebKit when processing malicious web content that could lead to a cross-site scripting (XSS) attack.
Recommendation
Apply the fix upgrades listed below.
The updates are available for the following devices and operating systems –
- iOS 18.1.1 and iPadOS 18.1.1 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- iOS 17.7.2 and iPadOS 17.7.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- macOS Sequoia 15.1.1 – Macs running macOS Sequoia
- visionOS 2.1.1 – Apple Vision Pro
- Safari 18.1.1 – Macs running macOS Ventura and macOS Sonoma
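A fleet check against the fixed versions listed above, as an added example that is not part of the original advisory. The inventory records and the status labels are constructed for illustration, and release branches the advisory does not list are reported as `unlisted` rather than guessed.

```python
# Fixed versions per product, taken from the update list in this advisory.
FIXED = {
    "iOS": ["17.7.2", "18.1.1"],
    "iPadOS": ["17.7.2", "18.1.1"],
    "macOS": ["15.1.1"],      # Sequoia only; Ventura/Sonoma get the Safari update
    "visionOS": ["2.1.1"],
    "Safari": ["18.1.1"],
}

def parse(version):
    """Turn '18.1.1' into (18, 1, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))

def status(product, version):
    """Return 'patched', 'update', 'unlisted' or 'unparsed' for one device."""
    try:
        have = parse(version)
    except ValueError:
        return "unparsed"
    # Compare only against the fix in the same major release branch.
    for fix in (parse(f) for f in FIXED.get(product, [])):
        if fix[0] == have[0]:
            return "patched" if have >= fix else "update"
    # The advisory names no fixed build for this product or branch.
    return "unlisted"

def audit(inventory):
    """Map each device name to its status, keeping only devices needing attention."""
    results = {name: status(product, ver) for name, product, ver in inventory}
    return {name: s for name, s in results.items() if s != "patched"}

# Constructed sample inventory: (device name, product, installed version).
INVENTORY = [
    ("iphone-01", "iOS", "18.1"),
    ("iphone-02", "iOS", "17.7.2"),
    ("ipad-07", "iPadOS", "17.6.1"),
    ("mbp-03", "macOS", "15.1.1"),
    ("mbp-04", "Safari", "18.0.1"),
    ("avp-01", "visionOS", "2.1"),
    ("iphone-09", "iOS", "16.7.10"),
]

if __name__ == "__main__":
    for device, state in audit(INVENTORY).items():
        print(f"{device}: {state}")
```

Devices reported as `unlisted` run a branch for which this advisory gives no fixed build and need manual review.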
CVE Name:
CVE-2024-44308
CVE-2024-44309
NOTE: The information is provided on an “as is” basis, without assurance of any kind.
Revision history
- 20th-Nov-24 – First advisory released; fix patch released.
