High Threat Security Alert (A24-11-16): Multiple Vulnerabilities in Apple Products

Description:

Apple has released iOS 17.7.2, iOS 18.1.1, iPadOS 17.7.2, iPadOS 18.1.1, macOS Sequoia 15.1.1 and Safari 18.1.1 to fix the vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
https://support.apple.com/en-us/121752
https://support.apple.com/en-us/121753
https://support.apple.com/en-us/121754
https://support.apple.com/en-us/121756

Reports indicated that multiple vulnerabilities (CVE-2024-44308 and CVE-2024-44309) are being actively exploited. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• iPhone XS and later
• iPad 6th generation and later, Air 3rd generation and later, mini 5th generation and later, Pro 10.5-inch, Pro 11-inch 1st generation and later, Pro 12.9-inch 2nd generation and later, Pro 13-inch
• macOS Sequoia versions prior to version 15.1.1
• Safari versions prior to version 18.1.1 on macOS Ventura and macOS Sonoma

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to remote code execution or spoofing on an affected device.

Recommendation:

Patches for affected products are available. Users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

More Information:

• https://support.apple.com/en-us/121752
• https://support.apple.com/en-us/121753
• https://support.apple.com/en-us/121754
• https://support.apple.com/en-us/121756
• https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20241120
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44308 (to CVE-2024-44309)