November 19, 2024 at 01:54PM
Apple released updates on November 19, 2024, addressing CVE-2024-44308 and CVE-2024-44309, vulnerabilities that could lead to arbitrary code execution and cross-site scripting attacks, respectively. The issues were reported to have been actively exploited on Intel-based Macs and affect iOS and iPadOS 18.1.1 devices.
### Meeting Takeaways
**Release Information:**

- **Apple ID**: 121752
- **Release Date**: November 19, 2024

**Security Vulnerabilities Addressed:**

1. **CVE-2024-44308**
   - **Description**: Improved checks were implemented to address processing issues with maliciously crafted web content.
   - **Impact**: Risk of arbitrary code execution, with possible active exploitation reported on Intel-based Mac systems.
   - **Affected Products**: iOS 18.1.1 and iPadOS 18.1.1.
   - **Updates Available For**:
     - iPhone XS and later
     - iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later)
     - iPad Air (3rd generation and later)
     - iPad (7th generation and later)
     - iPad mini (5th generation and later)
2. **CVE-2024-44309**
   - **Description**: Enhanced state management has been implemented to resolve cookie management issues.
   - **Impact**: Vulnerability to cross-site scripting (XSS) attacks, with reports of active exploitation on Intel-based Mac systems.
   - **Affected Products**: iOS 18.1.1 and iPadOS 18.1.1.
   - **Updates Available For**:
     - iPhone XS and later
     - iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later)
     - iPad Air (3rd generation and later)
     - iPad (7th generation and later)
     - iPad mini (5th generation and later)

### Summary
Two critical security issues have been identified and addressed in the latest updates for iOS 18.1.1 and iPadOS 18.1.1, with potential active exploitation reported on Intel-based Mac systems. Users of affected devices should ensure they update to the latest software to mitigate risks.