rewrite this content and keep HTML tags
Key Takeaways
- Apple has rolled out security patches for JavaScriptCore and WebKit vulnerabilities across its multiple operating systems.
- These zero-day security exploits were first identified by Google's Threat Analysis Group (TAG).
- Over-the-air security patches are available now, and it's highly recommended that you download and install these updates.
Hot off the heals of an entire week of new Mac hardware announcements, Apple has switched gears to plug a major security vulnerability found across its operating systems. According to the company, these vulnerabilities are related to its JavaScriptCore and WebKit web engine technologies, which underpin the functioning of internet access.
These patches come in the form of macOS Sequoia 15.1.1, iOS 18.1.1, iPadOS 18.1.1, visionOS 2.1.1., and Safari 18.1.1. Apple has also gone ahead and pushed out updates to older systems running macOS Sequoia 15.x, iOS 17.x, and iPadOS 17.x.
With regard to the JavaScriptCore vulnerability, Apple says that “processing maliciously crafted web content may lead to arbitrary code execution.” As for the WebKit security flaw, the company says that “processing maliciously crafted web content may lead to a cross site scripting attack.”
In both cases, the company has addressed the exploits via “improved checks” and “improved state management.” These x.x.1 security patches are now broadly available to all users via over-the-air (OTA) updates.
Related
Apple seems to have finally killed off its Lightning-to-3.5mm adapter
It's the end of a not so great era.
How serious are these security vulnerabilities?
It's unclear whether any real-world devices have been compromised
According to Apple, it's aware that the issue “may have been actively exploited on Intel-based Mac systems.” There's no word on whether any Apple Silicon-based Macs or any of the company's mobile devices suffered active exploits, leaving much still up in the air. As is the nature of “zero day” exploits such as these, in which the vulnerability is initially unknown to the software company, information is still sparse while investigations take place.
Interestingly, it appears that it's Google that initially brought these security weak points to light.
Interestingly, it appears Google initially brought these security weak points to light — the company's Threat Analysis Group (TAG), which specializes in countering government-backed attacks, identified the threats and reported them to Apple. This is a possible indication that these exploits may have been used by sophisticated bad actors, such as by adversarial government agencies.
Apple's swift response to these security vulnerabilities is great to see — especially its commitment to patching out the exploits on older devices not running the latest versions of macOS, iOS, and iPadOS. In any case, it's highly recommended that all Apple users download and install these latest security patches to stay as protected and risk-free as possible.
Pocket-lint has reached out to Apple for comment and will update this story with a response if we receive one.
Related
Apple's TV set isn't dead yet
Apple is reportedly still considering releasing its own TV set, but its fate could be determined by its upcoming smart home hub.