Apple OS vulnerabilities (CVE-2024-44308,CVE-2024-44309)
Posted on
November 27, 2024
Service Advisory
Apple has released emergency security updates to fix two zero-day vulnerabilities (CVE-2024-44308,CVE-2024-44309) that were exploited in attacks on Intel-based Mac system.
CVSS Score: 6.1 – 8.8
Description: The vulnerability in the JavaScriptCore may lead to arbitrary code execution by processing maliciously crafted web content.
Affected Versions :
iPhone XS and later
iPad 7th generation and later
iPad 6th generation and later
iPad Air 3rd generation and later
iPad Air 3rd generation and later
iPad mini 5th generation and later
iPad mini 5th generation and later
iPad Pro 11-inch 1st generation and later
Apple Safari Versions Before Safari18.1.1
Apple macOS Sequoia Versions Before 15.1.1
iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later
iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later
iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later
Impact:
This vulnerability if exploited could lead to arbitrary code execution.
Resolution:
Apply the patches available on the vendor site.
Reference:
UIT Information Security
Contact
USC IT Client Services at askIT@yorku.ca or 416 736 5800
