Apple Fixes Two Exploited Vulnerabilities, (Tue, Nov 19th)
2024-11-20 05:56:52 Author: isc.sans.edu(查看原文) 阅读量:5 收藏

Today, Apple released updates patching two vulnerabilities that have already been exploited. Interestingly, according to Apple, the vulnerabilities have only been exploited against Intel-based systems, but they appear to affect ARM (M"x") systems as well.

CVE-2024-44308

A vulnerability in JavaScriptCore. It could be triggered by the user visiting a malicious web page and may lead to arbitrary code execution.

CVE-2024-44309

This vulnerability affects WebKit. A vulnerability in the cookie management system may lead to cross-site scripting. The description is sparse, but it may indicate that an attacker could set a malicious cookie that will inject JavaScript or HTML into a web page.

Patches have been released for Safari and all of Apple's operating systems (including iOS/iPadOS/VisionOS, which is not used on Intel-based systems).

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|


文章来源: https://isc.sans.edu/diary/rss/31452
如有侵权请联系:admin#unsafe.sh