Apple has issued a patch to address two zero-day vulnerabilities that hackers have exploited to gain access to Intel-based MacOS Systems.
Both vulnerabilities have been “actively exploited” and involve the “processing maliciously crafted web content,” as stated in the Apple advisory from November 19.
The vulnerabilities even piqued the interest of Changpeng “CZ” Zhao, the co-founder and former CEO of Binance. Zhao warned users to update their technology promptly to prevent exploitation.
“If you are using a Macbook with an Intel-based chip, please update quickly!” he advised.
Apple has identified one of the vulnerabilities as CVE-2024-44308. This vulnerability could cause JavaScriptCore software to execute malicious code without the user’s knowledge or consent. Apple stated that the matter was resolved by implementing enhanced verification procedures.
The second vulnerability, CVE-2024-44309, has the potential to result in a “cross-site scripting attack” by exploiting Apple’s WebKit browser engine.
Hackers may introduce malicious computer code into other websites or applications currently in use due to this cyberattack.
Apple stated this was a “cookie management issue” resolved through “improved state management.”
The tech giant did not “disclose, discuss, or confirm” the flaws until it had investigated and developed a patch to address them, as is frequently the case.
A zero-day flaw is an error or vulnerability that hackers exploit before the software developer can patch or address the issue, allowing them “zero days” to resolve it.
Additional information is scarce. Who is responsible for the breach, the number of users affected, and the success rate of any cyberattacks are all unknown.
The bugs were discovered by Clément Lecigne and Benoît Sevens, Google security researchers, according to the technology behemoth.
The Threat Analysis Group of the firm, which is responsible for combating government-sponsored hacking and attacks against Google, is the source of both. This suggests that an unfriendly government may be the culprit in this instance.
Apple consumers were the focus of North Korea’s recent campaign. On November 12, researchers discovered that North Korean hackers were employing a new malware campaign to target macOS users. The campaign involved phishing emails, phony PDF applications, and a method to circumvent Apple’s security checks.
According to the researchers, this was the first instance in which they had observed this type of technology being employed to compromise Apple’s macOS operating system. However, they discovered that it was incompatible with modern systems.
In October, North Korean hackers were also captured exploiting a vulnerability in Google’s Chrome to steal crypto wallet credentials.
