Apple has issued a critical security advisory after uncovering and addressing two Mac-OS zero-day vulnerabilities actively exploited in the wild. The vulnerabilities, identified as CVE-2024-44308 and CVE-2024-44309, affect macOS Sequoia and were patched in the latest update, macOS Sequoia version 15.1.1. These exploits underscore the growing cybersecurity threats targeting macOS devices, particularly as their adoption in corporate and personal environments continues to rise.

The vulnerabilities were discovered by Clément Lecigne and Benoît Sevens, researchers from Google’s Threat Analysis Group (TAG). Apple has credited them for their role in identifying these flaws, which highlight a growing trend of threat actors focusing on macOS as a target for sophisticated attacks.

The Mac-OS zero-day Exploitation

What Are the macOS Sequoia Vulnerabilities?

Apple has described the two vulnerabilities and their potential impact:

• CVE-2024-44308: This vulnerability resides in JavaScriptCore, the engine that powers web content in macOS. Exploitation of this flaw allows arbitrary code execution, enabling attackers to take control of an affected system. The exploit is triggered when a user interacts with a malicious webpage, making this a particularly dangerous vulnerability for users who browse the web without additional protections.
• CVE-2024-44309: Found in WebKit, the core engine for Safari and other Apple applications, this vulnerability enables cross-site scripting (XSS) attacks. Exploiting this flaw, attackers can inject malicious scripts into trusted websites, potentially stealing sensitive information or compromising user sessions. Apple identified the root cause as a cookie-related issue and resolved it by improving state management.

Both vulnerabilities are confirmed to have been exploited in the wild, particularly targeting Intel-based Mac systems, though Apple has not disclosed specific details about the attack campaigns.

Patches and Affected Versions

Apple has rolled out patches across its ecosystem to address these vulnerabilities. The updates include:

• macOS Sequoia 15.1.1
• Safari 18.1.1
• iOS 17.7.2 and 18.1
• iPadOS 18.1
• visionOS 2.1

Apple urges users and organisations to update their devices immediately to mitigate the risk of exploitation.

The Mac-OS zero-day Exploitation

macOS: A New Focus for Cyber Threats

macOS has long enjoyed a reputation as a secure platform, leading many users to believe it is immune to malware and cyberattacks. However, 2024 has shattered this myth, with a sharp rise in macOS-targeted attacks.

Advertisement

What’s Driving the Surge in macOS Threats?

1. Increased Adoption: More organisations are deploying macOS devices for their workforce, making them attractive targets for cybercriminals.
2. Sophisticated Threat Actors: Advanced persistent threat (APT) groups, such as Lazarus Group, have shifted their focus to macOS, particularly targeting sectors like cryptocurrency and finance.
3. Rising Malware Variants: Security researchers have identified a surge in macOS-specific malware, including Atomic Stealer, Poseidon Stealer, and Cthulhu Stealer.

In a recent blog post, Trellix researchers highlighted how threat actors are adapting to exploit macOS vulnerabilities, particularly as corporate usage grows. They noted that threat actors are even using valid Apple developer accounts to notarise their malware, bypassing macOS’s built-in security protections.

---

Insights from the Cybersecurity Community

Cybersecurity experts have weighed in on the significance of these developments:

• Laura Brosnan, a senior information security specialist at Red Canary, emphasised the urgency of addressing misconceptions about macOS security:“Many people still hold the belief that macOS is immune to malware—a dangerous misconception. However, 2024 has shattered that illusion.”
• Researchers at SentinelOne observed that North Korea-affiliated threat actors are actively targeting macOS, particularly organisations in the cryptocurrency sector. Their analysis revealed a troubling trend: attackers are manipulating legitimate Apple developer accounts to bypass security measures.

---

Protecting macOS Users from Emerging Threats

With macOS under increasing attack, both individual users and organisations need to take proactive steps to safeguard their systems:

1. Update All Devices Immediately: Ensure that macOS Sequoia, Safari, and all other Apple devices are updated to the latest versions. Updates include critical patches for the vulnerabilities described above.
2. Implement Advanced Security Solutions: Use endpoint protection tools to detect and mitigate malware threats.
3. Educate Teams on Security Risks: Organisations should conduct training sessions to inform employees about the rising risks of macOS-targeted malware.
4. Adopt Additional Security Layers: Implement firewalls, sandboxing tools, and multi-factor authentication (MFA) to reduce attack surfaces.
5. Monitor System Activity: Regularly review logs and system activity to identify unusual behaviour that might indicate a breach.

---

The Road Ahead for macOS Security

Apple’s swift response to these vulnerabilities demonstrates its commitment to addressing emerging threats, but it also highlights the need for vigilance among users and organisations. As macOS adoption continues to grow, so too will the interest of cybercriminals in exploiting the platform.

The increasing sophistication of attacks, coupled with the perception of macOS as a secure system, creates a dangerous scenario where users may underestimate risks. By staying informed, applying updates promptly, and adopting robust security practices, users can significantly reduce their exposure to these threats.

For more updates on technology and cybersecurity in the UAE, visit What’s Hot in UAE.

Advertisement

With the December 2024 release on the horizon, iOS 18.2 is set to bring Apple users a host of new features, upgrades, and customisation options. This latest update focuses on making Apple’s intelligence and user interface more versatile, efficient, and personal.

1. Apple Intelligence Enhancements: Siri Gets Smarter

Apple’s AI capabilities see major improvements, branded as “Apple Intelligence.” This includes:

• Image Playground: A new tool for creating and editing visuals with AI support, transforming sketches into finished images, perfect for content creators and casual users alike.
• Genmoji: Personalise your emoji with AI-generated options, letting users add their personal touch to emojis across messaging and social media.
• ChatGPT-Enabled Siri: Integrating ChatGPT’s language model makes Siri’s responses more detailed and contextual, catering better to individual user questions.
• Visual Intelligence: Available on iPhone 16 models, the camera now recognises objects and scenes more accurately for added depth to your photography experience.

2. Revamped Mail App

The Mail app has been completely redesigned, enhancing functionality with an on-device categorisation feature that auto-sorts emails into Primary, Updates, Promotions, and more. Bigger contact images and a digest view for business emails improve the overall look and make it easier to organise and find messages at a glance.

Advertisement

3. New Customisation: Default Apps

With iOS 18.2, Apple introduces more flexibility with the option to set default apps for messaging, email, and calling. This customisation means users can choose their favourite apps as default, streamlining access to frequently used services.

4. Volume Limit Control for Safer Listening

In the Sound and Haptics settings, users can now set a volume limit, restricting maximum playback levels for headphones and speakers to help protect hearing and manage sound levels for a safer, healthier listening experience.

5. Regional-Specific Updates for the EU

Advertisement

To meet recent EU regulations, iOS 18.2 allows EU-based users to delete core apps such as the App Store, Safari, Messages, and Camera. Third-party browsers can also now create web apps for iPhone’s Home screen with their own engines, making iOS more adaptable to new regional requirements.

6. Enhanced Voice Memos Functionality

The Voice Memos app now allows layering of two audio tracks for editing, making it ideal for recording and mixing, whether for business, education, or personal projects.

Final Thoughts on iOS 18.2

iOS 18.2 is a feature-rich update, bringing personalised customisation, advanced AI integration, and EU-specific flexibility. Expect these updates to enhance the overall Apple experience, giving users new ways to make their iPhones smarter, safer, and even more versatile.

Advertisement

Read more about the latest updates and cool tech here at What’s Hot in UAE.

In an intriguing shift, Apple has reportedly scaled back production of its first-generation Vision Pro spatial computer only months after its launch. Originally priced at a hefty AED 12,856 ($3,499), the Vision Pro’s high cost has deterred many potential buyers, despite being Apple’s flagship mixed reality device. This strategic adjustment is seen as Apple’s response to market dynamics, with plans potentially underway for a more affordable mixed reality headset aimed at competing with companies like Meta, which offers lower-priced AR/VR devices. Apple to Discontinue Vision Pro Production is big news.

Scaling Back Production: Vision Pro’s Revised Output

A recent report from The Information reveals that Apple’s Vision Products Group has “sharply scaled back” production of the Vision Pro. Sources within Apple’s supply chain have disclosed that production output may even be cut in half by the end of the year. Components for up to 600,000 headsets were initially manufactured, but dwindling demand has led to reduced production levels. As a result, “tens of thousands of undelivered parts” are reportedly sitting in warehouses, reflecting a notable shift from Apple’s initial production ambitions.

This move follows an initial surge in component manufacturing, with a volume that has now exceeded current demand levels. Apple’s choice to limit production while satisfying the present market demand underscores its strategic pivot toward a more diversified product lineup within the mixed reality category.

Vision Pro’s Price Barrier and Market Position

At AED 12,856 ($3,499), the Vision Pro’s steep price has positioned it within a niche segment, accessible primarily to enterprise users or tech enthusiasts. By contrast, many AR/VR competitors, such as Meta’s Quest series, provide mixed reality experiences at significantly lower price points, making them more accessible to a broader consumer base. Apple’s high-end approach has established the Vision Pro as a premium option with robust capabilities, but the lack of mass-market adoption suggests a shift in Apple’s focus towards affordability.

Apple’s Vision for a More Affordable Headset

According to Bloomberg’s Mark Gurman, Apple’s Vision Products Group is now developing a new mixed reality device with a reduced price tag expected to be around AED 7,350 ($2,000). Scheduled for release as early as next year, this affordable version will likely lack certain high-end features—such as the Vision Pro’s unique EyeSight capability—allowing Apple to achieve the lower cost. The device is anticipated to balance high-quality features with cost-effective design choices, positioning it as a competitive option in the expanding AR/VR market.

Advertisement

While this lower-priced model aims to capture a wider audience, Apple remains committed to its premium segment with plans for a Vision Pro successor in 2026. This future version will likely feature a more advanced chip, enhancing performance while retaining its position as Apple’s flagship AR/VR offering.

Strategic Response to AR/VR Market Trends

Apple’s shift comes in response to a growing competitive landscape, with companies like Meta dominating the more affordable AR/VR headset market. While the Vision Pro introduced Apple’s cutting-edge approach to spatial computing, the industry’s competitive pricing has prompted Apple to adjust its product line to cater to a broader range of consumers. By introducing a mid-tier headset, Apple aims to secure a greater share of the rapidly evolving AR/VR market, making mixed reality experiences more accessible without sacrificing quality.

The shift to diversify its product range highlights Apple’s pragmatic approach to balancing technological innovation with market realities. With Meta’s Quest 3 expected to retail at around AED 1,650 ($449), Apple’s price adjustments reflect a strategic move to compete more effectively against lower-cost AR/VR headsets, while also reinforcing its premium status with plans for an advanced Vision Pro update in 2026.

Production and Component Adjustments

Feedback from three Apple suppliers indicates that while components for hundreds of thousands of Vision Pro units were initially produced, the company has scaled back due to decreasing demand. The current production output is aligned with the anticipated sales volume, with ample inventory to meet immediate demand without surplus manufacturing. This balance allows Apple to avoid overproduction while preparing for future expansions with newer, more competitively priced models.

Read more about cool stuff here at What’s Hot in UAE

Advertisement