Your mind may be on Thanksgiving and Black Friday, but before you start cooking and shopping, you need to update your Apple device. Apple this week released iOS and iPadOS 18.1.1, macOS 15.1.1, and visionOS 2.1.1 to patch a pair of critical vulnerabilities that have already been exploited in the wild.
The update appears to include only two security patches, but they’re extremely important. Both patches fix zero-day vulnerabilities that are known to have been exploited in attacks against Intel-based Macs. That doesn’t mean they haven’t been used to hack Apple silicon devices as well, just that Apple isn’t aware of any such attacks.
Both flaws were discovered by Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group and impact the JavaScriptCore and WebKit components of Apple’s operating systems.
Both bugs allow hackers to exploit “maliciously crafted web content” to attack the system. The JavaScript bug allows “arbitrary code execution,” while the WebKit flaw opens the system to a cross-site scripting attack. In the Javascript patch (CVE-2024-44308), Apple fixed the issue with improved checks, while the WebKit fix (CVE-2024-44309) applies improved state management.
For older devices, Apple also released iOS 17.7.2 for iPhones X and earlier, as well as iPadOS 17.7.2. Additionally, it rolled out Safari 18.1.2 for macOS Ventura and Sonoma. They all fix the same flaws.
To update your iPhone, iPad, or Vision Pro, head over to the Settings app, then General and Software Update. On a Mac, open System Settings, then General and Software Update. And if you’ve read this far, go do it right now.
Source : Macworld
