Apple has issued patches for vulnerabilities already exploited in the wild. The vulnerabilities were discovered by Google’s Threat Analysis Group (TAG) and are actively exploited on Intel-based macOS Sequoia and iOS devices.
In typical Apple fashion, the company did not release details on recorded attacks or indicators of compromise (IOC) that might help security professionals track down hacking attempts. Apple’s security advisory does state the CVE IDs and vulnerability descriptions.
- CVE-2024-44308: This is a JavaScriptCore vulnerability in which a maliciously crafted piece of web content can lead to arbitrary code execution. Improved checks have addressed the issue.
- CVE-2024-44309: Processing maliciously crafted web content may lead to a cross-site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. This is a cookie management issue and was addressed with improved state management.
People using devices running iOS 18.1.1, macOS Sequoia 15.1.1, and older iOS 17.7.2 devices are advised to update to the latest security update as soon as possible. Since no IOCs were announced, it’s impossible to tell what current campaigns targeting macOS devices are using these particular vulnerabilities.
macOS malware campaigns have been on the rise lately. In November, North Korean hackers were discovered experimenting with novel macOS malware. Researchers discovered a new macOS malware family capable of encrypting files while impersonating the notorious ransomware gang. In October, a LockBit clone emerged with macOS targeting capabilities embedded inside macOS programs built atop an open-source SDK (software development kit). Besides malicious threats, Microsoft has also recently investigated a OneDrive freezing issue on macOS Sequoia.
In the News: OpenAI, Common Sense Media launch free AI course for educators