date: today 11/21
title: “Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities”
still reading. haven’t got my head around it yet.
I get this: “Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.”
Not this: "Not much is known about the exact nature of the exploitation, but Apple has acknowledged that the pair of vulnerabilities “may have been actively exploited on Intel-based Mac systems.”
they acted fast apparently. will have to research CVE-2024-44308 and CVE-2024-44309
44309 "A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. "
44308 “The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.”
someone knocked on the door and got in, same as everyday.
one was Java-related.
what caught my interested was 1) the urgency of the fix and 2) the absence of any info, i.e. articles etc about these zero-day exploits. the first 3 pages of my DDG search are brief CVE descriptions. things this big usually make more racket than this…
maybe my antennae need retuning…go about yr business 