mac OS Update Crucial: Apple Addresses Actively Exploited Zero-Day Vulnerabilities
Apple is urging all Mac and MacBook users to update their devices to macOS version 15.1.1 immediately. This update, released shortly after the major 15.1 release, addresses two critical vulnerabilities, CVE-2024–44308 and CVE-2024–44309, that are known to be actively exploited. The U.S. Cybersecurity and Infrastructure Agency (CISA) has echoed this warning, emphasizing the urgency of the update .
Read More In Google News
What are the vulnerabilities?
CVE-2024–44308 (CVSS score: 8.8): This vulnerability in JavaScriptCore could allow attackers to execute arbitrary code when a user processes maliciously crafted web content .
CVE-2024–44309 (CVSS score: 6.1): This vulnerability in WebKit, related to cookie management, could allow cross-site scripting (XSS) attacks when a user encounters malicious web content .
Read More In Google News
Who discovered the vulnerabilities?
Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG) discovered and reported these vulnerabilities . The fact that Google’s TAG was involved suggests that these vulnerabilities might have been used in highly targeted attacks, potentially by government-backed entities or mercenary spyware operators .
Read More In Google News
Which devices are affected?
The macOS Sequoia 15.1.1 update is necessary for all Macs running on Apple Silicon. This includes:
iMac Pros released since 2017
iMacs released since 2019
MacBook Pros released since 2018
Mac Minis released since 2018
Mac Pros released since 2019.
The update also supports several Intel-powered Macs released from 2017 onwards.
How to update your Mac
To update to macOS 15.1.1:
Go to System Settings/General/Software Update and click “Update Now” .
On older Macs, go to System Preferences and click “Software Update” .
Other Apple devices
Apple has also released updates for iOS, iPadOS, visionOS, and Safari to address these vulnerabilities. These updates are available for a wide range of iPhones and iPads .
Importance of updating
These are just two of four zero-day vulnerabilities Apple has addressed this year. Another vulnerability was demonstrated at the Pwn2Own Vancouver hacking competition (CVE-2024–27834), and the remaining three were patched earlier in the year. The sources underscore the critical importance of updating all your Apple devices promptly to protect yourself from these and other potential threats.
Read More In Google News










