Apple has released a critical security update for Mac users following the discovery of two “zero-day” vulnerabilities that were actively exploited in cyberattacks targeting Intel-based Mac systems.
The tech giant is urging all users to update their devices immediately to mitigate the risks posed by these previously unknown flaws. The vulnerabilities, detailed in a security advisory on Apple’s website, are linked to WebKit and JavaScriptCore, the core technologies powering the Safari browser and web content processing on Apple devices.
WebKit, in particular, has been a frequent target for hackers aiming to exploit weaknesses to access sensitive user data. According to Apple’s security team, the flaws could allow attackers to execute malicious code on affected devices by luring users to specially crafted websites or emails. Such exploits could lead to malware installation and the potential compromise of personal data.
While Apple has confirmed the vulnerabilities were used in real-world attacks, the company has not disclosed the full scope of the damage. The attackers’ identities remain unknown, but there is speculation that state-sponsored entities might be involved. Security researchers from Google’s Threat Analysis Group, which focuses on government-backed cyber threats, were the first to report the vulnerabilities, reinforcing suspicions of nation-state involvement.
The update also includes patches for iPhones and iPads running older versions of iOS 17, addressing vulnerabilities across multiple platforms. Although the exact number of affected devices is unclear, the flaws predominantly impact Intel-based Macs, still widely used by many Apple customers.
Apple’s swift response underscores the growing importance of protecting users in an increasingly interconnected digital world. The company has urged all users to install the updates promptly to safeguard their devices and personal information.
