Security News > 2024 > November > Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that “may have been actively exploited on Intel-based Mac systems”. About CVE-2024-44309 and CVE-2024-44308 CVE-2024-44309 affects WebKit, the browser engine used in the Safari web browser and all iOS and iPadOS web browsers, and can be triggered when it’s made to process maliciously crafted web content. It can enable a cross site scripting (XSS) attack. CVE-2024-44308 affects JavaScriptCore – … More → The post Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/20/cve-2024-44309-cve-2024-44308/
Related news
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- PostgreSQL flaw exploited as zero-day in BeyondTrust breach (source)
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) (source)
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-20 | CVE-2024-44309 | Cross-site Scripting vulnerability in Apple products A cookie management issue was addressed with improved state management. | 6.1 |
| 2024-11-20 | CVE-2024-44308 | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 8.8 |