Apple Releases Critical Security Updates Across iOS, macOS, and Vision Pro to Fix Active Exploits
Apple has released urgent security updates for multiple products after discovering vulnerabilities that were actively exploited on Intel-based Mac systems. The updates, released on November 19, 2024, address serious security flaws in iOS, iPadOS, macOS, visionOS, and Safari.
The updates include:
- iOS 18.1.1 and iPadOS 18.1.1
- iOS 17.7.2 and iPadOS 17.7.2
- macOS Sequoia 15.1.1
- visionOS 2.1.1
- Safari 18.1.1
Two critical vulnerabilities were identified by Google’s Threat Analysis Group researchers Clément Lecigne and Benoît Sevens. The first vulnerability (CVE-2024-44308) in JavaScriptCore could allow attackers to execute arbitrary code through maliciously crafted web content. The second flaw (CVE-2024-44309) in WebKit could enable cross-site scripting attacks through a cookie management issue.
The iOS and iPadOS updates are available for:
- iPhone XS and later models
- iPad Pro (all recent generations)
- iPad Air (3rd generation and later)
- iPad (6th/7th generation and later)
- iPad mini (5th generation and later)
The Safari update applies to macOS Ventura and Sonoma users, while visionOS 2.1.1 specifically addresses security concerns for Apple Vision Pro devices.
Apple has not disclosed detailed information about the exploits, following its security policy of withholding such information until patches are widely available. The company confirmed it is aware of reports that these vulnerabilities were actively exploited on Intel-based Mac systems.
CISA (Cybersecurity and Infrastructure Security Agency) has encouraged all users and administrators to review these security advisories and apply the necessary updates promptly to protect their devices from potential attacks.
