Security
Headlines
HeadlinesLatestCVEs

Headline

Apple Security Advisory 11-19-2024-5

Apple Security Advisory 11-19-2024-5 - macOS Sequoia 15.1.1 addresses code execution vulnerabilities.

Packet Storm
#vulnerability#web#mac#apple#google#js#java#intel#webkit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1

macOS Sequoia 15.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121753.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

JavaScriptCore
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
actively exploited on Intel-based Mac systems.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 283063
CVE-2024-44308: Clément Lecigne and Benoît Sevens of Google’s Threat
Analysis Group

WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to a cross
site scripting attack. Apple is aware of a report that this issue may
have been actively exploited on Intel-based Mac systems.
Description: A cookie management issue was addressed with improved state
management.
WebKit Bugzilla: 283095
CVE-2024-44309: Clément Lecigne and Benoît Sevens of Google’s Threat
Analysis Group

macOS Sequoia 15.1.1 may be obtained from the Mac App Store or Apple’s
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmc9JSQACgkQX+5d1TXa
Ivo92g/8Dm9sVuOeQTu56JLi2yAlbu9NK8Udb4ByFIsi63HWksJ6rK9LzZfTF8Yd
Z3SBk7aIHl9tMj2gJ6QJ71SwCdN/fTnAC9na5fZwUjdsjuH1uoPmiMSA48MDwmQC
vf6grIhskLNi0bQrpcKR1C79fmGlO7Nua3zmbvdvs41/3g3A7udvf2KpZTkkDrP4
+zwsVCJCu4xHTo5bU0NrM/Cbon+TO01/gyhnngZzl65bIPkhyeEDiVHW3K6aKDA8
XpClgMGe7ZIRao0hmqqK+YYPso/yDdUDpHlfEFL/YYseVThd+t6EPn4irWFPCPTv
usiMVUpOpqmMHfPaVO/uzwDR/wgpB8ws4BsBjytQ2q5ZZgyxsIUx6cEJazgbRXtI
UIJWgodel8AClhWrRo8c14rIuUH1jqMh8EcbimFdC62vSivuNgwNdBd5U2wRnELr
w1I65s3u7f3Qly8himbl+41ueYcgInsVld7206tk8Ygmm7zA4kupLBEH+EeK43c3
2P0NF7CMQCnJcwbEqusIUi8AOSN2VgGi9E6BjjJGnLhbbieX/ssKTTbv+mt0ctyq
5uB3WUZBDbhJKj8p/0+iBAlzZUJDkrudmy8No9Zc2ImTcZ61gP2Zbh/5lcI8hZu+
SKOrc+1s5nRW1FcGXL2ZzjtnmXnU6DGFfN7stVtTmVAg4dEWzeo=
=IY5p
-----END PGP SIGNATURE-----

Related news

Debian Security Advisory 5823-1

Debian Linux Security Advisory 5823-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Red Hat Security Advisory 2024-10492-03

Red Hat Security Advisory 2024-10492-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-10483-03

Red Hat Security Advisory 2024-10483-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-10472-03

Red Hat Security Advisory 2024-10472-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

Apple Security Advisory 11-19-2024-4

Apple Security Advisory 11-19-2024-4 - iOS 17.7.2 and iPadOS 17.7.2 addresses code execution vulnerabilities.

Apple Security Advisory 11-19-2024-3

Apple Security Advisory 11-19-2024-3 - iOS 18.1.1 and iPadOS 18.1.1 addresses code execution vulnerabilities.

Apple Urgently Patches Actively Exploited Zero-Days

Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.

Apple Urgently Patches Actively Exploited Zero-Days

Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.

Update now! Apple confirms vulnerabilities are already being exploited

Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.

Update now! Apple confirms vulnerabilities are already being exploited

Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution