Security News > 2024 > November > Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)

Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
2024-11-20 10:48

Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that “may have been actively exploited on Intel-based Mac systems”. About CVE-2024-44309 and CVE-2024-44308 CVE-2024-44309 affects WebKit, the browser engine used in the Safari web browser and all iOS and iPadOS web browsers, and can be triggered when it’s made to process maliciously crafted web content. It can enable a cross site scripting (XSS) attack. CVE-2024-44308 affects JavaScriptCore – … More → The post Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/11/20/cve-2024-44309-cve-2024-44308/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-11-20 CVE-2024-44309 Cross-site Scripting vulnerability in Apple products
A cookie management issue was addressed with improved state management.
network
low complexity
apple CWE-79
6.1
2024-11-20 CVE-2024-44308 Unspecified vulnerability in Apple products
The issue was addressed with improved checks.
network
low complexity
apple
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349