Apple has released macOS Sequoia 15.1.1, a security update addressing two significant vulnerabilities that could potentially expose Mac users to security risks. Released on November 19, 2024, this update focuses on critical improvements in web content processing and browser security.
JavaScriptCore Vulnerability (CVE-2024-44308) The first critical security issue involves JavaScriptCore, Apple's JavaScript engine. Researchers from Google's Threat Analysis Group, Clément Lecigne and Benoît Sevens, discovered a vulnerability that could allow arbitrary code execution through maliciously crafted web content.
WebKit Cookie Management Vulnerability (CVE-2024-44309) The second vulnerability affects WebKit, the web browser engine used across Apple platforms. This issue could enable cross-site scripting (XSS) attacks through manipulation of cookie management processes.
Recommendations for users:
1. Update to macOS Sequoia 15.1.1 immediately 2. Enable automatic system updates 3. Be cautious when browsing unfamiliar websites 4. Keep all applications and browsers updated
(Credit: Clément Lecigne and Benoît Sevens from Google's Threat Analysis Group reported these vulnerabilities.)
