Apple has released urgent updates for iOS, iPadOS, macOS, visionOS, and Safari to patch two actively exploited zero-day vulnerabilities:
CVE-2024-44308 (CVSS 8.8): A JavaScriptCore flaw enabling arbitrary code execution via malicious web content.
CVE-2024-44309 (CVSS 6.1): A WebKit cookie management issue allowing cross-site scripting (XSS) attacks.
Discovered by Google's TAG researchers, these vulnerabilities likely target Intel-based Macs in spyware attacks. Affected devices include iPhones, iPads, Macs, and Apple Vision Pro. Users are urged to update to the latest versions to mitigate risks.