Apple Warns Of Cyberattacks Exploiting Zero-Day Bugs In Macs And iPhones

Apple has released critical security updates to address two newly discovered vulnerabilities actively exploited in targeted cyberattacks against Mac users. 

The flaws, found in WebKit and JavaScriptCore—the core components of the Safari browser—allow attackers to execute arbitrary code on a device by tricking users into processing maliciously crafted web content, such as a compromised website or email. The company has urged all users to update their devices immediately to mitigate the risk.

The vulnerabilities, known as zero-day exploits, were reported by security researchers from Google’s Threat Analysis Group. This team specialises in tracking government-backed hacking campaigns, raising suspicions that a state-sponsored actor may be behind the attacks. 

While the scope of the exploitation remains unclear, the advisory mentions that Intel-based Macs are particularly at risk. iPhones and iPads, including those running older iOS 17 versions, are also affected.

Apple’s response includes software updates for macOS, iOS, and iPadOS designed to neutralize the flaws. Although details about the attackers and the potential number of victims remain undisclosed, the vulnerabilities underscore the persistent targeting of Apple’s WebKit engine by cybercriminals seeking to compromise users’ data. WebKit’s central role in rendering web content makes it a frequent point of attack.