Overview
Apple has issued security updates to resolve two vulnerabilities affecting multiple Apple products, including iOS, Safari, iPadOS and macOS Sequoia.
The first vulnerability, identified as CVE-2024-44308, involves a flaw in JavaScriptCore related to handling maliciously crafted web content. If exploited successfully, it could enable an attacker to execute arbitrary code.
The second vulnerability, CVE-2024-44309, pertains to cookie management in WebKit. This issue may result in cross-site scripting attacks when processing maliciously crafted web content.
Broadcom released security updates to address CVE-2024-38812 and CVE-2024-38813, two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation that could potentially allow remote code execution and privilege escalation if exploited.
However, the initial updates did not fully resolve the issues, prompting Broadcom to reissue the updates in October 2024. The revised advisory included updated software packages to fix both security flaws and functional problems identified after the original disclosure.
Broadcom has now updated its advisory once more to confirm that these vulnerabilities are being actively exploited in the wild.
Hive Support for WordPress: a high-risk vulnerability was identified in the Hive Support WordPress plugin (up to version 1.1.1). This flaw, designated CVE-2024-52370, allows attackers to exploit improper file upload handling, enabling the unauthorised execution of malicious files on a server.
Recommended Action
Apple – Security Releases
VMware – Security Advisories
Fortinet – Pentera website
Hive Support for WordPress – Patchstack database
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.