The tech giant Apple has released a patch for two zero-day vulnerabilities that hackers used to target Intel-based Mac computers.
According to a statement on November 19 from Apple, both vulnerabilities were 'actively exploited' and related to 'maliciously crafted web content handling.'
These vulnerabilities even attracted the attention of Binance co-founder and former CEO, Changpeng 'CZ' Zhao, who advised users to update their technology immediately to avoid falling into the attack trap.
"If you are using a Macbook with an Intel chip, update immediately!" he said.
Source: Changpeng Zhao
One of the vulnerabilities, identified as CVE-2024-44308 by Apple, could allow the JavaScriptCore software to run malicious code without the user's knowledge or consent. Apple stated that this issue has been 'fixed with improved checks.'
The second vulnerability, CVE-2024-44309, could lead to 'cross-site scripting attacks' through Apple's WebKit browser engine. Such a network attack could allow hackers to inject malicious code into other websites or applications.
Apple stated that this is a 'cookie management issue' and has been addressed with 'improved state management.'
As usual, the tech giant does not 'publicly discuss or confirm' vulnerabilities until they have investigated and created a patch to address them.
A zero-day vulnerability is a flaw or weakness that hackers discover and exploit before the software developer has a chance to patch or address it, leaving them with 'zero days' to fix it.
Details remain limited. It is unclear who is behind this hack, how many users were affected, or if any successful cyber attacks occurred.
Apple has listed Google security researchers Clément Lecigne and Benoît Sevens as the ones who discovered these flaws.
Both are part of Google's Threat Analysis Group, which focuses on countering government-backed attacks and hacks targeting Google, suggesting that the perpetrator in this case may be an unfriendly government.
North Korea targeted Apple users earlier this month. On November 12, researchers discovered that North Korean hackers were attacking macOS users with a new malware campaign, using phishing emails, fake PDF applications, and techniques to bypass Apple's security checks.
Researchers noted that this is the first time they have seen this type of technology used to infiltrate Apple's macOS operating system, but they found that it could not operate on updated systems.
In October, North Korean hackers were also caught exploiting a vulnerability in Google's Chrome to steal cryptocurrency wallet account information.
Follow me @TinTucBitcoin #tintucbitcoin #Write2Win #btc #binance #binance
