Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,555
37,930


The iOS 18.1.1, iPadOS 18.1.1, and macOS Sequoia 15.1.1 updates that Apple released today address JavaScriptCore and WebKit vulnerabilities that Apple says have been actively exploited on some devices.

bug-security-vulnerability-issue-fix-larry.jpg

With the JavaScriptCore vulnerability, processing maliciously crafted web content could lead to arbitrary code execution. The WebKit vulnerability had the same issue with maliciously crafted web content, and it could lead to a cross site scripting attack.

Apple says that it is aware of reports that these two issues may have been actively exploited on Intel-based Mac systems. While the vulnerabilities are only known to have impacted older Macs, other devices are vulnerable to attack because they have the same security flaws.

For that reason, it is a good idea to update your devices to the latest software as soon as possible.

Article Link: Make Sure to Update: iOS 18.1.1 and macOS Sequoia 15.1.1 Fix Actively Exploited Vulnerabilities
 
macOS Sequoia 15.1.1 isn't even showing up for me yet 🤷‍♂️

EDIT: Rebooted my MBP and now it is showing up. Installing now...
 
patches involved
iOS 18.1.1 (Build 22B91) - November 19, 2024
iPadOS 18.1.1 (Build 22B91) - November 19, 2024
iPadOS 17.7.2 (Build 21H22) November 19, 2024
macOS 15.1.1 (Build 24B91 | 24B2091) - November 19, 2024
visionOS 2.1.1 (Build 22N591) - November 19, 2024
 
  • Like
Reactions: audiophilosophy
They didnt fix any bugs....I feel like they just pushed it out for Thanksgiving. IOS 18 has been a mess. Messed up icloud storage (doesn't collabrate the correct number), issues with messages app where messages show up as group text when its only 1 single text between me and 1 other person. The list goes on and on. I bet the notes app isn't fixed either
 
They didnt fix any bugs....I feel like they just pushed it out for Thanksgiving. IOS 18 has been a mess. Messed up icloud storage (doesn't collabrate the correct number), issues with messages app where messages show up as group text when its only 1 single text between me and 1 other person. The list goes on and on. I bet the notes app isn't fixed either
Not supposed to I understand, just plug a vulnerability.
 
And yet, ads on iOS can open a browser without our authorization if we touch anywhere on their full-screen videos, or touch one pixel outside their tiny 16×16 pixels "close" button.

Apple really needs to take over the ads with their own standard interface layered on top of the ads, and prompt us if we really want to open a URL in the browser.
 
There’s a much much higher likelihood of you being bit by a bug that Apple likely introduced with this update than you ever getting exploited from this security hole ;)
 
They didnt fix any bugs....I feel like they just pushed it out for Thanksgiving. IOS 18 has been a mess. Messed up icloud storage (doesn't collabrate the correct number), issues with messages app where messages show up as group text when its only 1 single text between me and 1 other person. The list goes on and on. I bet the notes app isn't fixed either
They fixed CVE-2024-44308 and CVE-2024-44309.
 
Well, you might take the time to go to Apple’s security updates websites and see for yourself. According to Apple’s notes the 15.1.1 mainly affects Intel based Macs.

Apple Security Releases
Well the updates for iOS, iPad OS and Vision OS don‘t exactly scream confidence in the „just intel based macs“…… Don‘t remember any intel powered devices there….
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.