The Indian government’s cyber security wing, CERT-In, has issued an advisory warning Apple device owners of two high-risk vulnerabilities that can lead to user data getting hacked. These vulnerabilities can be exploited by attackers to execute malicious code or perform Cross-Site Scripting attacks on the targeted system. The first vulnerability, CVE-2024-44308, exists in a system component called JavaScriptCore, which is used by Safari and other apps.
This bug can be exploited by an attacker to execute arbitrary code on the targeted Apple device, leading to significant security issues and potential cyber-attacks. The second vulnerability, CVE-2024-44309, exists in a component called WebKit, which powers Safari and web content on Apple devices. This issue can be exploited by an attacker to trigger an XSS attack on the targeted device.
According to CERT-In, iPhones and iPads running OS versions prior to 18.1.1, Macs running on macOS Sequoia versions prior to 15.1.1, and Apple Vision Pro running versions prior to 2.1.1 are affected by these vulnerabilities.
Virat Kohli addresses Apple vulnerability
Apple device owners can protect themselves by downloading the latest versions of iOS, iPadOS, or macOS on their devices.
To update an iPhone or iPad, open the Settings app, tap General, then Software Update, and tap Update Now. To update a Mac, click on the Apple Menu, System Settings, General, and then Software Update. CERT-In advises users to follow their advisories and ensure devices are running the most recent software to safeguard against potential vulnerabilities.
The scenario of unauthorized access to sensitive user information, denial of service, and data manipulation underscores the importance of keeping Apple devices updated with the latest security patches. As technology advances, it is crucial for users to stay informed about potential security risks and take proactive measures to protect their devices and personal data. Regular software updates and following the guidance of cyber security agencies can help mitigate the risk of falling victim to cyber-attacks exploiting known vulnerabilities.
