Apple launched emergency safety updates to repair two zero-day vulnerabilities that have been exploited in assaults on Intel-based Mac techniques.
“Apple is conscious of a report that this problem could have been exploited,” the corporate stated in an advisory issued on Tuesday.
The 2 bugs have been discovered within the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) parts of macOS.
The JavaScriptCore CVE-2024-44308 flaw permits attackers to attain distant code execution by maliciously crafted internet content material. The opposite flaw, CVE-2024-44309, permits cross-site scripting (CSS) assaults.
The corporate says it addressed the safety flaws in macOS Sequoia 15.1.1.
As the identical parts are present in different Apple working techniques, it was additionally fastened in iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1.
Whereas Apple says each flaws have been found by Clément Lecigne and Benoît Sevens of Google’s Risk Evaluation Group, the corporate has not supplied additional particulars on how they have been exploited.
BleepingComputer contacted Google to find out how the issues have been exploited however was advised that they don’t have anything extra to share at the moment.
With these two vulnerabilities, Apple has fastened six zero-days thus far in 2024, with the first in January, two in March, and the fourth in Might.
This quantity is considerably higher than final 12 months when Apple fastened a complete of 20 zero-day flaws exploited within the wild, together with: