Apple rushes out patch fixing zero-day attacks on macOS systems
Tech giant Apple has released a patch for two zero-day vulnerabilities that hackers have used to exploit Intel-based Mac computers.
According to the Nov. 19 advisory from Apple, both vulnerabilities have been “actively exploited” and involve “processing maliciously crafted web content.”
The vulnerabilities even caught the attention of the co-founder and former CEO of Binance, Changpeng “CZ” Zhao , who chimed in, warning users to update their tech immediately to avoid falling prey to the exploit .
“If you use a Macbook with Intel based chip, update asap!” he said.
Source: Changpeng Zhao
One of the flaws, tagged as CVE-2024-44308 by Apple, can trigger JavaScriptCore software to run malicious code without a user’s knowledge or permission. Apple said the issue was “addressed with improved checks.”
The second vulnerability, CVE-2024-44309, can cause a “cross-site scripting attack” through Apple’s WebKit browser engine. A cyberattack of this nature can result in hackers injecting malicious computer code into other websites or apps being used.
Apple said this was “a cookie management issue” and was addressed with “improved state management.”
As is often the case, the tech giant didn’t “disclose, discuss, or confirm” the flaws until it had investigated and crafted a patch to fix them.
A zero-day flaw is a bug or weakness that hackers discover and take advantage of before the software developer has had a chance to patch or address the issue, giving them “zero days” to fix it.
Further details are scarce. It’s unknown who is behind the hack, how many users have been affected, or if any cyberattacks were successful.
Related: My traumatic Apple ID hack showed pitfalls of centralized identity
The tech giant has listed Google security researchers Clément Lecigne and Benoît Sevens as the ones who found the bugs.
Both are from the company’s Threat Analysis Group, which focuses on countering government-backed hacking and attacks against Google, which could suggest the culprit, in this case, is an unfriendly government.
North Korea targeted Apple users earlier this month. On Nov. 12, researchers caught North Korean hackers going after macOS users with a new malware campaign using phishing emails , fake PDF applications, and a technique to evade Apple’s security checks.
The researchers said it was the first time they had seen this type of tech used to compromise Apple’s macOS operating system, but they found it couldn’t run on up-to-date systems.
In October, North Korean hackers were also caught exploiting a vulnerability in Google’s Chrome to steal crypto wallet credentials.
Magazine: Crypto has 4 years to grow so big ‘no one can shut it down’: Kain Warwick, Infinex
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
FTX co-founder won’t serve time in prison, judge rules
Prosecutors argued that FTX co-founder Gary Wang cooperated in their case against former FTX CEO Sam Bankman-Fried
MORPHOUSDT now launched for futures trading and trading bots
Bitget has launched MORPHOUSDT for futures trading with a maximum leverage of 20, along with support for futures trading bots, on November 21, 2024 (UTC+8). Welcome to try futures trading via our official website (www.bitget.com) or Bitget APP. MORPHOUSDT-M perpetual futures: Parameters Details Lis
Sender (ASI): A Revolutionary Blockchain Network Empowered by AI
What is Sender (ASI)? Sender (ASI) is a blockchain platform that integrates artificial intelligence with decentralized technology. It aims to simplify blockchain use for everyone, from seasoned developers to newcomers with little to no technical knowledge. By combining AI-driven tools with robust b
Russia plans energy-based crypto mining limits in 13 regions