On Tuesday, Apple released security updates that it has deemed “recommended for all users” following the resolution of a pair of security flaws that were employed in active cyberattacks against Mac users
Apple acknowledged two vulnerabilities that “may have been actively exploited on Intel-based Mac systems” in a security advisory posted on its website. Apple was unaware of the flaws when they were exploited, which is why they are referred to as “zero-day” vulnerabilities.
A software update for macOS, as well as fixes for iPhones and iPads, was released by Apple to resolve the issues, including those that were running the older iOS 17 software.
It is currently unknown who is responsible for the attacks directed at Mac users, the number of users targeted, or whether any of them have been successfully compromised.
Security researchers disclosed the vulnerabilities at Google’s Threat Analysis Group, which investigates government-sponsored hacking and cyberattacks.
This indicates that a government actor may be involved in the attacks. Commercial phone spyware is occasionally employed in government-sponsored intrusions.
In terms of the flaws, Apple stated that the vulnerabilities are associated with WebKit and JavaScriptCore, the web engines responsible for the Safari browser’s operation and the execution of web content.
Malicious hackers frequently exploit WebKit’s vulnerabilities to gain access to the user’s private data and gain access to the device’s broader software.
According to the security advisory, the flaws can be exploited by deceiving vulnerable Apple devices into processing maliciously crafted web content, such as a website or email, to initiate arbitrary code execution. This can facilitate the installation of malware on a target’s device.
It is recommended that users promptly update their iPhones, iPads, and Macs.