in

Update your iPhone, iPad, and Mac now to patch these serious zero-day security flaws

Maria Diaz/ZDNET

Apple has rushed out emergency patches for the iPhone, iPad, and Mac that squash a couple of serious security bugs. The two zero-day vulnerabilities may have already compromised Intel-based Macs in the wild, but the updates are designed for iPhones and iPads as well.

Three new support documents describe the bugs: one for iOS 18.1.1 and iPadOS 18.1.1, another for MacOS Sequoia 15.1.1, and a third for Safari.

Also: I replaced my M1 MacBook Pro with a base model M4 – and it blew my $3,000 laptop away

The update for iOS and iPadOS is aimed at the Phone XS and later, the 13-inch iPad Pro, the 12.9-inch iPad Pro 3rd generation and later, the 11-inch iPad Pro 1st generation and later, the iPad Air 3rd generation and later, the iPad 7th generation and later, and the iPad mini 5th generation and later. The update for MacOS is designed for any computer compatible with MacOS Sequoia.

Labeled CVE-2024-44308 and titled JavaScriptCore, the first flaw is defined as: “processing maliciously crafted web content may lead to arbitrary code execution.” This means that a malicious website designed to exploit the vulnerability could allow an attacker to take control of your device. In resolving the issue, Apple said only that it was addressed with improved checks.

Known as CVE-2024-44309 and titled WebKit, the second flaw is defined as “processing maliciously crafted web content may lead to a cross site scripting attack.” This one means that an attacker who injects malicious scripts into an otherwise safe website could compromise or steal sensitive data. The fix here, according to Apple, was to resolve a cookie management issue.

In both cases, Apple said it was aware of reports that the issue may have been actively exploited on Intel-based Mac systems. But flaws that can affect a Mac can sometimes affect an iPhone or iPad. At the very least, updating all three types of devices at the same time prevents attackers from further exploiting the vulnerabilities.

Also: This quick Mac tip will save you lots of clicks over time. Here’s how

To update your iPhone or iPad to the latest 18.1.1 version, head to Settings, select General, and then tap Software Update. Allow the new version to download and install. To update your Mac to MacOS Sequoia 15.1.1, click the Apple menu and select System Settings. Go to General, click Software Update, and then trigger the installation. With the new macOS update, Safari is automatically updated as well.


Source: Robotics - zdnet.com

Get a Microsoft Office 2019 license for Mac or Windows for $27: Deal

Get a Ring Indoor Cam and Battery Doorbell bundle for only $80 ahead of Black Friday