November 19, 2024 at 01:54PM
Two vulnerabilities (CVE-2024-44308 and CVE-2024-44309) in iOS 17.7.2 and iPadOS 17.7.2 could allow arbitrary code execution and cross-site scripting attacks, respectively, on Intel-based Macs. Updates are available for various iPhone and iPad models starting from iPhone XS and iPad Air 3rd generation onward.
### Meeting Takeaways
**Release Information:**
– **Release Date:** November 19, 2024
– **Affected Products:** iOS 17.7.2 and iPadOS 17.7.2. Updates available for:
– iPhone XS and later
– iPad Pro 13-inch
– iPad Pro 12.9-inch 2nd generation and later
– iPad Pro 10.5-inch
– iPad Pro 11-inch 1st generation and later
– iPad Air 3rd generation and later
– iPad 6th generation and later
– iPad mini 5th generation and later
**Security Vulnerabilities Addressed:**
1. **CVE-2024-44308**
– **Description:** Improved checks addressing an issue with web content processing.
– **Impact:** May lead to arbitrary code execution due to maliciously crafted web content. Actively exploited on Intel-based Mac systems.
2. **CVE-2024-44309**
– **Description:** Improved state management for cookie management issues.
– **Impact:** May lead to cross-site scripting attacks due to maliciously crafted web content. Actively exploited on Intel-based Mac systems.
**Conclusion:**
Both vulnerabilities are critical and impact the security of Apple’s devices. Users should update to the latest versions to ensure protection against potential exploits.