About the security content of visionOS 2.1.1 – Apple Support

November 19, 2024 at 02:43PM

Apple has addressed two security vulnerabilities in visionOS 2.1.1 for the Apple Vision Pro, with release set for November 19, 2024. CVE-2024-44308 involves potential arbitrary code execution from malicious web content, while CVE-2024-44309 addresses cookie management issues that could lead to cross-site scripting attacks.

### Meeting Notes Takeaways

1. **Upcoming Release Details**
   - **Apple ID**: 121755
   - **Release Date**: November 19, 2024

2. **Security Updates for visionOS 2.1.1**
   - Two critical vulnerabilities identified:

**CVE-2024-44308**
- **Description**: Improved checks to address issue.
- **Impact**: Potential for arbitrary code execution due to processing of malicious web content. Active exploitation reported on Intel-based Mac systems.
- **Affected Product**: visionOS 2.1.1
- **Update Available For**: Apple Vision Pro

**CVE-2024-44309**
- **Description**: Improved state management to address cookie management issue.
- **Impact**: Risk of cross-site scripting attacks from processing malicious web content. Active exploitation reported on Intel-based Mac systems.
- **Affected Product**: visionOS 2.1.1
- **Update Available For**: Apple Vision Pro

### Action Items
- Prioritize testing and deployment of the security updates for the Apple Vision Pro before the release date.
- Monitor further reports about the exploitation of these vulnerabilities for timely communication and resolution.
