November 19, 2024 at 01:54PM
Apple has addressed two security vulnerabilities in macOS Sequoia 15.1.1 (CVE-2024-44308 and CVE-2024-44309), which involve arbitrary code execution and cross-site scripting attacks, respectively. Both issues may have been actively exploited on Intel-based Mac systems, with updates now available. Release date is November 19, 2024.
**Meeting Takeaways:**
1. **Release Information:**
– **Apple ID:** 121753
– **Release Date:** November 19, 2024
– **Affected Product:** macOS Sequoia 15.1.1
2. **Security Issues Identified:**
– **CVE-2024-44308:**
– **Description:** Improved checks to address the issue.
– **Impact:** Maliciously crafted web content may lead to arbitrary code execution. Reported to be actively exploited on Intel-based Mac systems.
– **CVE-2024-44309:**
– **Description:** Improved cookie state management.
– **Impact:** Maliciously crafted web content may lead to cross-site scripting attacks. Reported to be actively exploited on Intel-based Mac systems.
3. **Update Availability:**
– Security updates addressing both CVEs are available for macOS Sequoia.