Apple has issued urgent security updates to fix two critical vulnerabilities that have been actively exploited in cyberattacks targeting Mac users. The company described the updates, released on Tuesday, as “recommended for all users” and urged Mac, iPhone, and iPad owners to install the patches as soon as possible to protect their devices from potential threats.
In a security advisory posted on its website, Apple disclosed that the vulnerabilities were “zero-day” bugs, meaning they were unknown to the company at the time of the attacks. Both flaws reportedly affected Intel-based Mac systems and were identified by security researchers from Google’s Threat Analysis Group, which specializes in investigating state-sponsored hacking and cyber operations. The group’s involvement suggests that government-backed actors may be behind the attacks, possibly deploying sophisticated tools like commercial spyware to exploit these weaknesses.
The security flaws were found in WebKit and JavaScriptCore, the underlying engines that power the Safari browser and enable web content on Apple devices. WebKit is frequently targeted by malicious actors because successfully exploiting it can lead to deeper system compromises and allow access to sensitive user data.
Apple warned that these vulnerabilities could be exploited by tricking users into loading maliciously crafted web content, such as compromised websites or emails, which could trigger arbitrary code execution on their devices. This could potentially allow attackers to plant malware on an unsuspecting user’s system.
To address these critical issues, Apple released software updates for macOS, including fixes for Intel-based systems, as well as updates for iPhones and iPads, including devices running older versions of iOS 17. The company has advised all users to update their devices immediately.
Although details about the attacks, such as the number of affected users or the identities of the attackers, remain unclear, Apple’s swift response underscores the severity of the threat. The company’s advisory highlights the importance of staying vigilant and keeping devices updated to mitigate risks from emerging security threats.
To protect against potential exploits, users are encouraged to install the latest updates for macOS, iOS, and iPadOS by navigating to the “Software Update” section of their device settings.
