- 317/2024
- High
Apple has released security updates to address two vulnerabilities affecting macOS Sequoia and Safari.
The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks or execute arbitrary code and gain access to the affected systems.
The addressed vulnerabilities:
1. Apple macOS Sequoia Code Execution Vulnerability (CVE-2024-44308):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Apple Safari Cross-Site Scripting Vulnerability (CVE-2024-44309):
- CVSS: 6.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
It should be highlighted that Apple is aware that the zero-day vulnerabilities “CVE-2024-44308”, and “CVE-2024-44309” are being exploited in the wild.
Vulnerabilities
- CVE-2024-44308
- CVE-2024-44309
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.