Apple has released a critical security update for macOS Sequoia, version 15.1.1, urging millions of Mac and MacBook users to update their systems as soon as possible. The update comes just weeks after the significant 15.1 release, which addressed various bugs and security issues while introducing Apple Intelligence suite’s generative AI software. The new update patches two critical security vulnerabilities related to JavaScriptCore and WebKit.
The JavaScriptCore issue fixes problems with maliciously crafted web content, while the WebKit vulnerability resolves cross-site scripting attack concerns. These issues are documented as CVE-2024-44308 and CVE-2024-44309. Cybersecurity experts, including CISA, stress the importance of applying these updates to prevent potential cyber threats.
macOS update addresses major vulnerabilities
If left unpatched, the vulnerabilities could allow malicious actors to take control of affected systems. The macOS Sequoia 15.1.1 update supports all Macs and MacBooks running on Apple Silicon M-series chipsets and several Intel-powered models, including iMac Pros since 2017, iMacs since 2019, MacBook Pros since 2018, Mac Minis since 2018, and Mac Pros since 2019.
To manually update to macOS 15.1.1, users with newer models should go to System Settings, then General, then Software Update, and click “Update Now.” For older models, users should go to System Preferences and click on Software Update. Apple has confirmed that the vulnerabilities, credited to Google’s Threat Analysis Group (TAG), are being actively exploited on Intel-based macOS systems. As is customary, Apple’s security response team did not provide any details on the reported attacks or indicators of compromise to help defenders hunt for signs of infections.
Earlier this month, North Korean cryptocurrency thieves were found once again with a new malware campaign that uses phishing emails, fake PDF applications, and a novel technique to evade Apple’s security measures. The company urged users across the Apple ecosystem to apply the urgent updates immediately to protect their devices from potential security threats.
