Apple has released urgent security updates for macOS and iOS to address two critical zero-day vulnerabilities affecting Intel-based MacBook systems that are being actively exploited.
The announcement drew warnings, including from former Binance CEO Changpeng Zhao, who said: “If you’re using a MacBook with an Intel-based chip, update ASAP! Stay safe!”
The vulnerabilities, identified as CVE-2024-44308 and CVE-2024-44309, were discovered by Google’s Threat Analysis Group (TAG) and target specific macOS systems. Here’s what Apple confirmed in its advisory:
- CVE-2024-44308 (JavaScriptCore): Exploiting maliciously crafted web content may lead to arbitrary code execution. This vulnerability is actively exploited on Intel-based MacBooks.
- CVE-2024-44309 (WebKit): Maliciously crafted web content can lead to cross-site scripting (XSS) attacks, posing a significant risk to user data and system integrity.
Apple has released the following updates to mitigate these vulnerabilities:
- macOS Sequoia 15.1.1
- iOS 18.1.1
- iOS 17.7.2 (for older devices)
The updates address both vulnerabilities.
Consistent with its policy, Apple has not released specific details about the attacks or provided indicators of compromise (IOCs), leaving security teams with limited traceability about exploitation methods.
*This is not investment advice.
