Ahead of the highly anticipated macOS 15.2 update, Apple released the macOS Sequoia 15.1.1 emergency update on Tuesday to fix two scary vulnerabilities that have already been used in remote attacks.
The two patches address flaws in JavaScriptCore and WebKit, and both flaws were discovered by Google’s Threat Analysis Group. Apple says both vulnerabilities “may have been actively exploited on Intel-based Mac systems.” Apple doesn’t specifically say whether Apple Silicon Macs are affected, but the same flaws have been fixed in iOS 18.1.1.
JavaScriptCore
- Impact: Processing maliciously crafted web content can lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
- Description: The problem was resolved by improved controls.
- WebKit Bugzilla: 283063
- CVE-2024-44308: Clément Lecigne and Benoît Sevens from Google’s Threat Analysis Group
WebKit
- Impact: Processing malicious web content can lead to a cross-site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
- Description: A cookie management issue has been resolved with improved state management.
- WebKit Bugzilla: 283095
- CVE-2024-44309: Clément Lecigne and Benoît Sevens from Google’s Threat Analysis Group
Although the update is available for all Macs running macOS 15.1, there is no release for Macs running macOS Sonoma 14.7.1 or Ventura 13.7.1. Apple will likely patch the same vulnerabilities in these systems when macOS 15.2 arrives in December.
To update your Mac, go to System Settings, then General, then Software Update, and select Update Now. Then follow the prompts to reboot.