You may be thinking about Thanksgiving and Black Friday, but before you start cooking and shopping, you need to update your Apple device. Apple this week released iOS and iPadOS 18.1.1, macOS 15.1.1, and visionOS 2.1.1 to fix two critical vulnerabilities already being exploited in the wild.
The update appears to include only two security fixes, but they are extremely important. Both patches address zero-day vulnerabilities known to have been exploited in attacks against Intel-based Macs. This doesn't mean that they haven't also been used to hack Apple silicon devices, just that Apple is unaware of such attacks.
The two flaws were discovered by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group and impact the JavaScriptCore and WebKit components of Apple's operating systems.
Both bugs allow hackers to use "maliciously crafted web content" to attack the system. The JavaScriptCore bug allows "arbitrary code execution," while the WebKit flaw opens the system to a cross-site scripting attack. In the JavaScriptCore patch (CVE-2024-44308), Apple fixed the issue with improved checks, while the WebKit patch (CVE-2024-44309) applies improved state management.
For older devices, Apple also released iOS 17.7.2 for iPhones X and earlier, as well as iPadOS 17.7.2. Additionally, it rolled out Safari 18.1.2 for macOS Ventura and Sonoma. They all fix the same flaws.
To update your iPhone, iPad, or Vision Pro, go to the Settings app, then General, then Software Update. On a Mac, open System Settings, then General, then Software Update. And if you've read this far, go now.