Apple has issued a critical security update for Mac users after two "zero-day" vulnerabilities were discovered, actively exploited in cyberattacks targeting Intel-based Mac systems.
The company has urged all users to update their devices to protect against these newly discovered flaws, which were previously unknown to the tech giant at the time they were exploited.
According to a security advisory published on Apple’s website, the vulnerabilities are linked to WebKit and JavaScriptCore—the core engines responsible for powering the Safari browser and processing web content on Apple devices.
WebKit, in particular, has long been a target for hackers attempting to exploit weaknesses to gain access to sensitive user data.
Apple’s security team has emphasized that these flaws can be exploited by malicious actors, allowing them to trick affected Mac devices into executing harmful code through specially crafted websites or emails. This could result in the installation of malware and the potential compromise of personal information.
While Apple has confirmed that the vulnerabilities have been used in active attacks, it has not disclosed the full extent of the damage. The identity of the attackers remains unknown, though the involvement of a state-backed cyberattack is being considered.
Security researchers from Google’s Threat Analysis Group, which investigates government-backed cyberattacks, first reported the vulnerabilities, hinting that a nation-state actor could be responsible.
The software update, which also includes fixes for iPhones and iPads running older versions of iOS 17, is recommended for all users. Although the exact number of affected devices is unclear, the vulnerabilities primarily impact devices running older Intel-based Mac processors, which are still used by a large portion of Apple’s customer base.
Apple's decision to release updates across its operating systems, including macOS, iOS, and iPadOS, highlights the growing threats to users’ privacy and security in today’s highly interconnected digital landscape. The company has urged its users to install the updates as soon as possible to avoid any potential risks.
