11-20-2024, 01:43 PM
Apple has issued security updates to address two zero-day vulnerabilities affecting iOS, iPadOS, macOS, visionOS, and Safari. The flaws, already under active exploitation, are detailed as follows:
- CVE-2024-44308: A JavaScriptCore vulnerability allowing arbitrary code execution via malicious web content.
- CVE-2024-44309: A WebKit cookie management flaw enabling cross-site scripting (XSS) attacks through malicious web content.
The issues were resolved with improved checks and state management. Apple acknowledged that these vulnerabilities might have been exploited on Intel-based Mac systems. They were reported by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group, suggesting their use in targeted attacks, possibly involving government-backed spyware.
Updates Available for the Following:
- iOS 18.1.1 and iPadOS 18.1.1: For iPhone XS and later, and various iPad models.
- iOS 17.7.2 and iPadOS 17.7.2: For older but still-supported devices like iPhone XS and iPad Pro (10.5-inch).
- macOS Sequoia 15.1.1: For systems running macOS Sequoia.
- visionOS 2.1.1: For Apple Vision Pro.
- Safari 18.1.1: For macOS Ventura and Sonoma.
This marks the fourth zero-day Apple has addressed in 2024, including one from the Pwn2Own competition and others patched earlier this year. Users are strongly urged to update their devices immediately to stay protected.