Apple has issued a critical security advisory after uncovering and addressing two Mac-OS zero-day vulnerabilities actively exploited in the wild. The vulnerabilities, identified as CVE-2024-44308 and CVE-2024-44309, affect macOS Sequoia and were patched in the latest update, macOS Sequoia version 15.1.1. These exploits underscore the growing cybersecurity threats targeting macOS devices, particularly as their adoption in corporate and personal environments continues to rise.
The vulnerabilities were discovered by Clément Lecigne and Benoît Sevens, researchers from Google’s Threat Analysis Group (TAG). Apple has credited them for their role in identifying these flaws, which highlight a growing trend of threat actors focusing on macOS as a target for sophisticated attacks.
The Mac-OS zero-day Exploitation
What Are the macOS Sequoia Vulnerabilities?
Apple has described the two vulnerabilities and their potential impact:
- CVE-2024-44308: This vulnerability resides in JavaScriptCore, the engine that powers web content in macOS. Exploitation of this flaw allows arbitrary code execution, enabling attackers to take control of an affected system. The exploit is triggered when a user interacts with a malicious webpage, making this a particularly dangerous vulnerability for users who browse the web without additional protections.
- CVE-2024-44309: Found in WebKit, the core engine for Safari and other Apple applications, this vulnerability enables cross-site scripting (XSS) attacks. Exploiting this flaw, attackers can inject malicious scripts into trusted websites, potentially stealing sensitive information or compromising user sessions. Apple identified the root cause as a cookie-related issue and resolved it by improving state management.
Both vulnerabilities are confirmed to have been exploited in the wild, particularly targeting Intel-based Mac systems, though Apple has not disclosed specific details about the attack campaigns.
Patches and Affected Versions
Apple has rolled out patches across its ecosystem to address these vulnerabilities. The updates include:
- macOS Sequoia 15.1.1
- Safari 18.1.1
- iOS 17.7.2 and 18.1
- iPadOS 18.1
- visionOS 2.1
Apple urges users and organisations to update their devices immediately to mitigate the risk of exploitation.
The Mac-OS zero-day Exploitation
macOS: A New Focus for Cyber Threats
macOS has long enjoyed a reputation as a secure platform, leading many users to believe it is immune to malware and cyberattacks. However, 2024 has shattered this myth, with a sharp rise in macOS-targeted attacks.
What’s Driving the Surge in macOS Threats?
- Increased Adoption: More organisations are deploying macOS devices for their workforce, making them attractive targets for cybercriminals.
- Sophisticated Threat Actors: Advanced persistent threat (APT) groups, such as Lazarus Group, have shifted their focus to macOS, particularly targeting sectors like cryptocurrency and finance.
- Rising Malware Variants: Security researchers have identified a surge in macOS-specific malware, including Atomic Stealer, Poseidon Stealer, and Cthulhu Stealer.
In a recent blog post, Trellix researchers highlighted how threat actors are adapting to exploit macOS vulnerabilities, particularly as corporate usage grows. They noted that threat actors are even using valid Apple developer accounts to notarise their malware, bypassing macOS’s built-in security protections.
Insights from the Cybersecurity Community
Cybersecurity experts have weighed in on the significance of these developments:
- Laura Brosnan, a senior information security specialist at Red Canary, emphasised the urgency of addressing misconceptions about macOS security:“Many people still hold the belief that macOS is immune to malware—a dangerous misconception. However, 2024 has shattered that illusion.”
- Researchers at SentinelOne observed that North Korea-affiliated threat actors are actively targeting macOS, particularly organisations in the cryptocurrency sector. Their analysis revealed a troubling trend: attackers are manipulating legitimate Apple developer accounts to bypass security measures.
Protecting macOS Users from Emerging Threats
With macOS under increasing attack, both individual users and organisations need to take proactive steps to safeguard their systems:
- Update All Devices Immediately: Ensure that macOS Sequoia, Safari, and all other Apple devices are updated to the latest versions. Updates include critical patches for the vulnerabilities described above.
- Implement Advanced Security Solutions: Use endpoint protection tools to detect and mitigate malware threats.
- Educate Teams on Security Risks: Organisations should conduct training sessions to inform employees about the rising risks of macOS-targeted malware.
- Adopt Additional Security Layers: Implement firewalls, sandboxing tools, and multi-factor authentication (MFA) to reduce attack surfaces.
- Monitor System Activity: Regularly review logs and system activity to identify unusual behaviour that might indicate a breach.
The Road Ahead for macOS Security
Apple’s swift response to these vulnerabilities demonstrates its commitment to addressing emerging threats, but it also highlights the need for vigilance among users and organisations. As macOS adoption continues to grow, so too will the interest of cybercriminals in exploiting the platform.
The increasing sophistication of attacks, coupled with the perception of macOS as a secure system, creates a dangerous scenario where users may underestimate risks. By staying informed, applying updates promptly, and adopting robust security practices, users can significantly reduce their exposure to these threats.