CyberSecurity SEE

Apple issues warning about 2 macOS zero-day vulnerabilities being actively exploited

In a recent development, Apple has made public the discovery and subsequent patching of two zero-day vulnerabilities in macOS Sequoia that had been actively exploited by threat actors in the wild. The security update, released on Tuesday, included fixes for CVE-2024-44308 and CVE-2024-44309, both identified by Clément Lecigne and Benoît Sevens from Google’s Threat Analysis Group (TAG).

These vulnerabilities, once triggered by user interaction with a malicious webpage, could have serious consequences. CVE-2024-44308 could potentially allow for arbitrary code execution, while CVE-2024-44309 could lead to cross-site scripting attacks. Apple noted reports suggesting that these vulnerabilities had been targeted on Intel-based Mac systems.

Apple addressed CVE-2024-44308, found in JavaScriptCore, with improved checks, and fixed CVE-2024-44309, discovered in WebKit, with enhanced state management relating to cookies. Although Apple usually provides limited details in its security advisories, it is worth noting that these vulnerabilities were fixed across multiple Apple products, including Safari 18.1.1, iOS 17.7.2, iPadOS 17.7.2, and macOS Sequoia 15.1.1.

The revelation of these zero-day vulnerabilities and their exploitation underscores a worrying trend of increased attacks targeting macOS devices throughout the year. Security firms like Trellix and Red Canary have highlighted a significant surge in Mac-based attacks, with threat actors like the Lazarus Group focusing their attention on macOS as its usage grows within organizations.

Laura Brosnan from Red Canary emphasized in a blog post the misconception that macOS devices are impervious to malware, a notion that has been shattered in 2024. SentinelOne also raised concerns about a recent attack on cryptocurrency-related businesses using Macs, possibly linked to threat actors associated with North Korea. They observed tactics where valid Apple developer accounts were exploited to have malware notarized by Apple to evade security measures.

In response to these escalating threats and the increasing prevalence of macOS crimeware, SentinelLabs issued a call to action for all macOS users, especially those in organizational settings, to bolster their security measures and be vigilant against potential risks. As the landscape evolves, it becomes imperative for users to remain proactive in safeguarding their systems against sophisticated cyber threats.

The disclosure and subsequent patching of these zero-day vulnerabilities by Apple serve as a stark reminder of the ever-present cybersecurity risks facing users of macOS devices. The collaborative efforts of security researchers and technology companies remain crucial in identifying and mitigating potential threats to ensure the continued safety and security of users’ digital environments.
