Google researchers identified two zero-day vulnerabilities in Apple's WebKit components, which have been patched. Apple urges users to update their systems promptly due to potential exploitation by hackers.
The first vulnerability (CVE-2024-44308) affects the JavaScriptCore framework, allowing arbitrary code execution through malicious web content. It primarily impacts Intel-based Mac systems.
The second flaw (CVE-2024-44309) is linked to the WebKit layout engine, enabling cross-site scripting attacks on Intel Macs.
These vulnerabilities have been a target for hackers, as compromising WebKit can lead to deeper system breaches, including data theft and surveillance.
Discovered by Clément Lecigne and Benoît Sevens from Google's Threat Analysis Group, the flaws have been addressed in the latest versions of macOS Sequoia, iOS, and iPadOS. Security updates are also available for Safari on macOS Ventura, macOS Sonoma, and the Vision Pro headset.