Apple has released an emergency security update for macOS and iOS to address two serious security vulnerabilities affecting Intel-based MacBook systems that are being actively exploited.
This notice has received multiple warnings, including a warning from former Binance CEO Changpeng Zhao: "If you are using a MacBook with an Intel chip, update immediately! Stay safe!"
The vulnerabilities identified are CVE-2024-44308 and CVE-2024-44309, discovered by Google's Threat Analysis Group (TAG) and targeting specific macOS systems. Here is what Apple confirmed in its announcement:
CVE-2024-44308 (JavaScriptCore): Exploiting maliciously crafted web content can lead to arbitrary code execution. This vulnerability is being actively exploited on Intel-based MacBooks.
CVE-2024-44309 (WebKit): Maliciously crafted web content can lead to cross-site scripting (XSS) attacks, posing significant risks to user data and system integrity.
Apple has released the following updates to mitigate these vulnerabilities:
macOS Sequoia 15.1.1
iOS 18.1.1
iOS 17.7.2 (for older devices)
The update will address both vulnerabilities.
According to its policy, Apple has not disclosed specific details about the attacks or provided indicators of compromise (IOC), making it difficult for security teams to track exploitation methods.
