
Apple OS vulnerabilities (CVE-2024-44308, CVE-2024-44309)

 


 

Service Advisory

 

Apple has released emergency security updates to fix two zero-day vulnerabilities (CVE-2024-44308, CVE-2024-44309) that were exploited in attacks on Intel-based Mac systems.

 

CVSS Score:
6.1 – 8.8

 

Description:
A vulnerability in JavaScriptCore may lead to arbitrary code execution when processing maliciously crafted web content.

 

 

Affected Versions:

  • iPhone XS and later
  • iPad 7th generation and later
  • iPad 6th generation and later
  • iPad Air 3rd generation and later
  • iPad mini 5th generation and later
  • iPad Pro 11-inch 1st generation and later
  • Apple Safari Versions Before Safari 18.1.1
  • Apple macOS Sequoia Versions Before 15.1.1
  • iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later
  • iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later
  • iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later 

                                      

 

Impact:

This vulnerability, if exploited, could lead to arbitrary code execution.

 

Resolution:

Apply the patches available on the vendor site.

 

Reference:

https://support.apple.com/en-us/100100

https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-adds-three-known-exploited-vulnerabilities-catalog

https://thehackernews.com/2024/11/apple-releases-urgent-updates-to-patch.html

https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-used-in-attacks-on-intel-based-macs/

 

UIT Information Security

Contact

USC IT Client Services at askIT@yorku.ca or 416 736 5800

 

This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3
