Urgent Apple Security Update: Protect Intel Macs, iPhones, & iPads Now

Apple IT admins were hit with a significant security warning this morning: two zero-day vulnerabilities are actively being exploited, affecting Intel Macs, iPhones, iPads, and even Vision Pro devices. Apple swiftly rolled out patches to address the flaws, which means IT teams must quickly verify software before rushing to install the updates.

For organizations using Mobile Device Management (MDM) tools, deploying updates is relatively straightforward, and devices can be secured rapidly. However, companies that don’t use these systems or rely on employees’ personal devices to access corporate data face a greater challenge in encouraging users to install the necessary updates. How can you convince staff to take action right away?

Why You Must Update Now

Apple has confirmed that these vulnerabilities are being actively exploited, meaning that any Intel-based system, including those used by people you work with, could be compromised. “Apple is aware of a report indicating this issue may have been actively used,” the company stated.

The vulnerabilities target common Apple software, including JavaScript and WebKit—the engine behind the Safari browser. In short, this makes all Apple users potential victims of the attack.

The silver lining is that Apple has already issued security patches, showcasing their proactive approach to safeguarding user data. Unlike other platforms that often scramble to patch up breaches, Apple consistently stays ahead of the threat curve. In fact, Apple tackled 20 zero-day vulnerabilities in 2023 alone and has already addressed six in 2024.

Patches are available for iOS 17, iPad OS 17, and Safari on macOS Ventura and Sonoma, ensuring a wide range of devices are protected.

Expert Insights

Michael Covington, VP of Portfolio Strategy at Jamf, emphasizes that all users should update their devices without delay. “Although Apple has specifically highlighted Intel-based systems as vulnerable, we recommend updating any device that could be affected. With the possibility of exploitation, it’s crucial for users and organizations to apply the latest security patches immediately,” Covington said.

What Are These Vulnerabilities?

The attacks leverage two flaws: one in macOS Sequoia JavaScriptCore (CVE-2024-44308) and another in WebKit (CVE-2024-44309). The first vulnerability allows remote code execution (RCE) through maliciously crafted web content, while the second enables cross-site scripting (XSS) attacks.

RCE attacks allow attackers to silently install malware, launch denial-of-service attacks, or steal sensitive information. Meanwhile, XSS vulnerabilities can facilitate the theft of personal data, potentially exposing users to identity theft or other criminal activities.

Who’s Behind These Attacks?

Details on the perpetrators remain scarce, but the vulnerabilities were discovered by Google’s Threat Analysis Group (TAG), which focuses on tracking government-backed cyber threats. This indicates that the attacks may have state-sponsored backing. Given the rise in similar threats, users in high-risk sectors may want to activate Apple’s Lockdown Mode to add an extra layer of protection. IT administrators should also review compliance standards, especially for older iPhones, iPads, and Intel Macs.

With these critical vulnerabilities being actively exploited, the urgency to update your devices is clear. Don’t wait—secure your systems today!