After addressing two security flaws that were being used in ongoing cyberattacks on Mac users, Apple released security patches on Tuesday that it claims are “recommended for all users.”
Apple stated that it was aware of two vulnerabilities that “may have been actively exploited on Intel-based Mac systems” in a security bulletin posted on its website. Since Apple was unaware of the issues at the time they were exploited, they are referred to as “zero day” vulnerabilities.
Apple published a macOS software update to address the issues, along with patches for iPhones and iPads, even those running the outdated iOS 17 software.
The perpetrator of the assaults against Mac users, the number of Mac users targeted, and whether any were successfully compromised are all unknown at this time. Security researchers at Google’s Threat Analysis Group, which looks into hacking and cyberattacks supported by the government, discovered the vulnerabilities, raising the possibility that a government actor was behind the attacks. Commercial phone spyware is occasionally used in cyberattacks supported by the government.
Regarding the issues themselves, Apple stated that WebKit and JavaScriptCore, the web engines that run online content and power the Safari browser, are at risk. Malicious hackers frequently target WebKit, looking for weaknesses in the engine to gain access to the device’s broader software and acquire the user’s personal information.
According to the security warning, the vulnerabilities can be used to deceive susceptible Apple devices into processing maliciously created web content, like an email or website, which can lead to arbitrary code execution and the installation of malware on the target’s device.
As soon as feasible, users should upgrade their Macs, iPhones, and iPads.