CVE Explained: Apple Zero-Day Vulnerabilities (CVE-2024–44308 & CVE-2024–44309)

Update Your iPhone and iPad NOW to Patch Critical Vulnerabilities

Okay, gotta admit it: I've been a bit of an Apple fanboy for most of my life, although I am pretty vendor neutral right now. But hey, even die-hard fans like me have to face the truth sometimes. This latest news is a prime example of why the myth that "Macs don't get viruses" needs to be officially busted.

Apple recently issued urgent security updates for iOS and iPadOS, and it's not something to take lightly. Two new vulnerabilities (CVEs) have been discovered, and they may already be under active exploitation. If you're scratching your head wondering what a CVE even is, no worries! We've got a CVEs and Vulnerabilities Explained post that breaks it all down in plain English.

But for now, here's the critical information on these two new CVEs:

Who's Affected?

These vulnerabilities affect iOS and iPadOS on devices with Apple silicon and Intel processors, specifically:

• iPhones XS and later
• iPad Pro (all models)
• iPad Air 3rd generation and later
• iPad 7th generation and later
• iPad mini 5th generation and later

Terminology 101

• CVE (Common Vulnerabilities and Exposures): Think of it like a digital fingerprint for every security flaw found in software. It helps experts track and address these issues.
• Kernel: The heart and soul of your operating system. It manages all the behind-the-scenes action, making sure everything runs smoothly.
• WebKit:The engine that powers Safari and many other apps to display web pages. It's like the interpreter between your device and the internet.
• Exploit: A malicious code snippet that takes advantage of a vulnerability to cause harm.

The Vulnerabilities

• CVE-2024-44308: This one targets the kernel, potentially letting attackers seize control of your device.
• CVE-2024-44309: This vulnerability affects WebKit, which could allow attackers to launch cross-site scripting (XSS) attacks. These attacks can trick your device into running malicious scripts.

The Detectives

Clément Lecigne and Benoît Sevens from Google's Threat Analysis Group deserve our thanks for uncovering these vulnerabilities.

Exploited in the Wild?

Here's the alarming part: Apple has stated they are aware of reports that these vulnerabilities may already be under active exploitation. This means hackers could be using them right now to target Apple users.

What's the Fix?

The good news is that Apple has already released patches. Here are the versions you need to be running to be protected:

• iOS 18.1.1 and iPadOS 18.1.1

Don't wait! Update your iPhone or iPad immediately by going to Settings > General > Software Update.

Stay safe online!

More Information:

• https://support.apple.com/en-us/121752
• https://www.darkreading.com/cyberattacks-data-breaches/apple-patches-actively-exploited-zero-days
• https://nvd.nist.gov/vuln/detail/CVE-2024-44308
• https://nvd.nist.gov/vuln/detail/CVE-2024-44309