CERT-In has brought attention to two significant vulnerabilities affecting Apple products that pose serious security risks. The first is an Execution Vulnerability (CVE-2024-44308) found in JavaScriptCore, a component utilized by Apple’s Safari browser and various applications for processing JavaScript.
This flaw allows an attacker to potentially execute arbitrary code on the device by delivering specially crafted web content. The second vulnerability, a Cross-Site Scripting (XSS) issue (CVE-2024-44309), is located within WebKit, the underlying engine for Safari and web content across Apple devices. This vulnerability can be exploited by attackers who send maliciously designed web content, enabling them to initiate cross-site scripting attacks on the compromised device.
The devices at risk include iPhones and iPads running versions earlier than iOS 18.1.1 and iOS 17.7.2, Macs with versions prior to macOS Sequoia 15.1.1, visionOS devices below version 2.1.1, and Safari browsers that are not updated past version 18.1.1. If these vulnerabilities are successfully exploited, the consequences could be severe, including unauthorized access to systems, theft of sensitive data, complete control over affected devices, denial of service, and manipulation of stored data.
To safeguard against these threats, it is crucial for users to promptly update their devices to the latest software versions: iPhone and iPad users should upgrade to iOS 18.1.1 or iOS 17.7.2, Mac users need to install macOS Sequoia 15.1.1, visionOS users should update to version 2.1.1, and Safari users must ensure they are on version 18.1.1. By taking these proactive measures, users can significantly enhance their device security and protect their personal information from potential exploitation.
#AppleSecurity #CyberSecurity #VulnerabilityAlert #CVE2024 #JavaScriptCore #WebKit #XSS #iOSUpdate #MacOSUpdate #DeviceSecurity #DataProtection #TechNews #SafariBrowser #SecurityRisks #UpdateNow #ProtectYourData #CyberAwareness #InformationSecurity #TechSafety #StaySecure