Fri Nov 22 10:20:00 UTC 2024: ## Urgent Security Update: Apple Patches Actively Exploited iPhone Vulnerabilities

**CUPERTINO, CA** – Apple has released emergency security updates for iPhones and other Apple devices to address two critical vulnerabilities actively exploited in real-world attacks. iOS 18.1.1 (and iOS 17.7.2 for older devices) are crucial updates that users should install immediately.

The updates patch flaws in the JavaScriptCore framework (CVE-2024-44308) and WebKit (CVE-2024-44309), the engine powering Safari. These vulnerabilities allow attackers to execute malicious code remotely, potentially leading to data theft and device compromise via malicious websites or cross-site scripting attacks. Apple confirms reports that these flaws have already been exploited on Intel-based Mac systems.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert urging businesses and individuals to apply the updates as soon as possible, highlighting the risk of attackers gaining complete control of affected systems.

Security experts emphasize the severity of these vulnerabilities. Sean Wright, head of application security at Featurespace, states that the JavaScriptCore flaw could enable remote code execution, potentially redirecting users to malicious sites and stealing sensitive information. Michael Covington, VP of Strategy at Jamf, adds that the WebKit vulnerability is particularly dangerous because it impacts Safari and other web-based content on all Apple devices.

Apple’s updates include enhanced checks to prevent malicious activity and improved data handling during web browsing. The updates are available for iPhone XS and later models, along with compatible iPads and other devices. To install, go to Settings > General > Software Update.

The company’s prompt release of these security-only updates underscores the urgency of this situation. Users are advised to exercise caution when browsing online and avoid clicking suspicious links until the update is applied.

Read More