Security News > 2024 > November > Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that “may have been actively exploited on Intel-based Mac systems”. About CVE-2024-44309 and CVE-2024-44308 CVE-2024-44309 affects WebKit, the browser engine used in the Safari web browser and all iOS and iPadOS web browsers, and can be triggered when it’s made to process maliciously crafted web content. It can enable a cross site scripting (XSS) attack. CVE-2024-44308 affects JavaScriptCore – … More → The post Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/20/cve-2024-44309-cve-2024-44308/
Related news
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- UK domain registry Nominet confirms breach via Ivanti zero-day (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-20 | CVE-2024-44309 | Cross-site Scripting vulnerability in Apple products A cookie management issue was addressed with improved state management. | 6.1 |
| 2024-11-20 | CVE-2024-44308 | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 8.8 |