Apple has released iOS 18.1.1, urging iPhone users to update immediately. The emergency update addresses two significant security vulnerabilities—CVE-2024-44308 and CVE-2024-44309—that could allow attackers to compromise devices through malicious web content and cross-site scripting attacks. These flaws are reportedly being actively exploited, making this update a must for all users.
What’s at Stake with the Latest Security Flaws
The first vulnerability, in the JavaScriptCore framework, could allow attackers to execute malicious code on a device after interacting with compromised web content. Apple confirmed it has been exploited, even on Intel-based Mac systems. The second flaw, in WebKit, the engine powering Safari, enables attackers to inject harmful scripts into trusted websites, potentially stealing data and manipulating user sessions.
Apple also released updates for other platforms, including iOS 17.7.2 for older devices, macOS Sequoia 15.1.1, and visionOS 2.1.1, to patch the same vulnerabilities. These fixes introduce stronger checks to prevent malicious activity and enhance data security during web browsing.
Expert Advice: Update Immediately to iOS 18.1.1
Security experts emphasize the urgency of applying the updates. Sean Wright, a leading application security specialist, highlights the risks, explaining that attackers could exploit these flaws to redirect users to malicious sites or steal session tokens. Michael Covington of Jamf underscores the importance of patching WebKit vulnerabilities quickly due to their wide-ranging impact on Apple’s ecosystem.
With the US Cybersecurity and Infrastructure Agency (CISA) issuing its own warning, the message is clear: update now. CISA notes that these vulnerabilities could enable attackers to take control of affected devices, posing risks to both individuals and organizations.
To stay protected, go to Settings > General > Software Update and install iOS 18.1.1 or iOS 17.7.2 immediately. Apple’s quick action highlights the critical nature of these vulnerabilities—don’t delay in securing your device.