Apple on Tuesday released a security update “recommended for all users” after fixing two security bugs used in active cyberattacks targeting Mac users.
In a security advisory on its website, Apple said it was aware of two vulnerabilities that “may have been actively exploited on Intel-based Mac systems.” These bugs are considered “zero-day” vulnerabilities because they were unknown to Apple at the time they were exploited.
To fix the bug, Apple released a software update for macOS and a fix for iPhones and iPads, including users running older iOS 17 software.
It is not yet known who is behind the attack targeting Mac users, how many Mac users were targeted, or if any users were successfully compromised. The vulnerability was reported by security researchers at Google's Threat Analysis Group, which investigates government-sponsored hacking and cyberattacks, and suggests that government actors may be behind the attack. has been done. Commercially available telephone spyware may be used in government-sponsored cyberattacks.
As for the bugs themselves, Apple said the vulnerabilities are related to WebKit and JavaScriptCore, the web engines that power the Safari browser and run web content. WebKit is a frequent target of malicious hackers, who target vulnerabilities in the engine as a way to penetrate a device's broader software and exploit users' personal data.
According to the security advisory, this bug could be exploited to trick a vulnerable Apple device into processing maliciously crafted web content, such as a website or email, causing arbitrary code execution and targeting It can potentially plant malware on your device.
Users should update their iPhone, iPad, and Mac as soon as possible.
Apple did not comment when contacted by TechCrunch on Tuesday.