As a seasoned cybersecurity researcher with years of experience under my belt, I can’t help but feel a sense of deja vu when reading about these latest zero-day vulnerabilities affecting Apple’s Intel-based Mac computers. It seems like just yesterday we were dealing with similar issues, only to find out that the culprit was none other than the reclusive North Korean cyber army.
In simpler terms, Apple, a leading tech company, has issued a solution (patch) for two unidentified weaknesses (zero-day vulnerabilities) that cybercriminals had been using to infiltrate computers running on Intel processors from the Mac family.
As per the advisory issued by Apple on November 19th, these two vulnerabilities are currently being exploited. This exploitation occurs when the system processes specially designed web content with malicious intent.
The vulnerabilities even caught the attention of the co-founder and former CEO of Binance, Changpeng “CZ” Zhao, who chimed in, warning users to update their tech immediately to avoid falling prey to the exploit.
“If you use a Macbook with Intel based chip, update asap!” he said.
Among the issues identified, labeled as CVE-2024-44308 by Apple, allows for the execution of harmful code within the JavaScriptCore program without the user’s awareness or consent. Apple stated that they addressed this problem by enhancing their validation processes.
The second identified vulnerability, CVE-2024-44309, potentially triggers a “cross-site scripting incident” within Apple’s WebKit browser engine. This type of cyberattack might allow hackers to insert harmful code into other websites or applications that are being accessed.
Apple said this was “a cookie management issue” and was addressed with” improved state management.”
In usual fashion, the tech titan waited to reveal, talk about, or verify the issues only after they had been examined and a solution (patch) was prepared to rectify them.
An unforeseen vulnerability or error, known as a “zero-day issue,” is exploited by cybercriminals prior to the software creator having the opportunity to correct or remedy it, providing no time for resolution.
As a researcher, I’m currently grappling with a lack of comprehensive information. At this point, I’m unaware of the identity of the party responsible for the suspected hacking incident. Moreover, I can’t determine the exact number of users potentially impacted, or if any of the cyberattacks have been successfully executed.
The tech titan acknowledges that it was Google’s security experts, specifically Clement Lecigne and Benoit Sevens, who discovered the issues in question.
It’s worth noting that both individuals hail from the same organization – the Threat Analysis Group of our company. This team primarily targets government-supported hacking and assaults on Google. This might imply that the potential perpetrator in this instance could be a hostile nation.
Earlier this month, I found myself in the crosshairs as a Mac user, with North Korean hackers launching a fresh malware attack aimed squarely at us. On November 12th, these cybercriminals were observed using phishing emails, bogus PDF applications, and an ingenious method to bypass Apple’s security protocols.
The researchers stated that this was the initial occasion where they observed such technology being utilized to breach Apple’s macOS system; however, they discovered it was incompatible with recently updated systems.
In October, it was discovered that North Korean cybercriminals had taken advantage of a flaw in Google’s Chrome browser to pilfer cryptocurrency wallet details as well.
Read More
- DUSK PREDICTION. DUSK cryptocurrency
- LDO PREDICTION. LDO cryptocurrency
- JTO PREDICTION. JTO cryptocurrency
- Looks Like DOOM 64 Is Getting a Native PS5 Port
- Marvel Rivals Season 1 is bringing the Fantastic Four — here’s the Invisible Woman in action
- Blockchain is the best fintech to ensure Sharia ethics — Web3 exec
- DGB PREDICTION. DGB cryptocurrency
- Mean Girls Star Has Perfect Idea for a Reunion After Christmas Movie Success
- Welcome Home
- EUR INR PREDICTION
2024-11-21 05:08