Apple has issued urgent security updates addressing two zero-day vulnerabilities actively exploited in cyberattacks targeting Mac users. The updates, released Tuesday, include fixes for macOS, iPhones, and iPads, including devices running the older iOS 17. Apple strongly recommends all users apply these updates immediately.
In a security advisory, Apple disclosed that the vulnerabilities, found in Intel-based Mac systems, might have been exploited in the wild. Google’s Threat Analysis Group, known for investigating state-sponsored hacking, reported the flaws. While it remains unclear who initiated the attacks, the involvement of government-backed actors is suspected, as these groups frequently use sophisticated tools like commercial spyware to target devices.
The vulnerabilities are located within WebKit and JavaScriptCore, the engines that power Apple’s Safari browser and process web content. Exploiting these flaws involves tricking users into processing maliciously crafted web content (for example, by visiting a compromised website or interacting with a malicious email), which allows attackers to execute arbitrary code. This could lead to malware being planted on affected devices, compromising user data and system integrity.
WebKit has been a frequent target for malicious hackers due to its role in facilitating broader access to Apple devices. This makes patching these vulnerabilities critical for safeguarding user security.
Apple’s swift response emphasizes the severity of the issue, though key details—such as the scale of the attacks and the number of devices compromised—remain unknown. Users are urged to update their devices to the latest software versions to mitigate these risks.