About the security content of Safari 18.1.1 – Apple Support

November 19, 2024 at 04:54PM

Apple addressed two vulnerabilities in Safari 18.1.1 for macOS Ventura and Sonoma, released on November 19, 2024. CVE-2024-44308 involves arbitrary code execution from malicious web content, while CVE-2024-44309 relates to cross-site scripting attacks. Both issues may have been actively exploited on Intel-based Mac systems.

### Meeting Notes Summary

**Release Information**
- **Apple ID**: 121756
- **Release Date**: November 19, 2024

**Vulnerabilities Addressed**:

1. **CVE-2024-44308**
   - **Description**: Improved checks were implemented to address the issue.
   - **Impact**: There is potential for arbitrary code execution via maliciously crafted web content. Active exploitation has been reported on Intel-based Mac systems.
   - **Affected Product**: Safari 18.1.1
   - **Available Update For**: macOS Ventura and macOS Sonoma

2. **CVE-2024-44309**
   - **Description**: A cookie management issue was resolved with enhanced state management.
   - **Impact**: This vulnerability may allow a cross-site scripting (XSS) attack through maliciously crafted web content. Active exploitation has also been reported on Intel-based Mac systems.
   - **Affected Product**: Safari 18.1.1
   - **Available Update For**: macOS Ventura and macOS Sonoma

### Action Items
- Ensure users are notified about the updates for Safari 18.1.1 on affected macOS systems.
- Monitor for any further reports or impacts related to these vulnerabilities.
