Apple issued critical security updates on Tuesday to address two vulnerabilities actively exploited in cyberattacks targeting Mac users. The company urged all users to update their devices promptly.
According to Apple’s security advisory, the vulnerabilities, categorized as "zero day" flaws, were unknown to the company before being exploited. These issues specifically affect Intel-based Mac systems.
To resolve these security gaps, Apple released macOS Sequoia 15.1.1 and iOS 18.1.1, providing updates for iPhones and iPads. Older iOS 17 versions also received necessary patches.
Details about the attackers or the scope of the incidents remain unclear, including whether any users were successfully compromised. However, the vulnerabilities were discovered by Google’s Threat Analysis Group, which often investigates cyberattacks linked to government entities. This raises speculation about potential involvement by state-sponsored actors, possibly using commercial spyware.
The flaws are connected to WebKit and JavaScriptCore, critical components of Safari and web content rendering on Apple devices. WebKit is a frequent target for hackers aiming to exploit vulnerabilities to gain access to broader system data.
Apple explained that these bugs could be exploited by tricking users into opening maliciously crafted web content, such as websites or emails. This can result in arbitrary code execution, potentially allowing attackers to install malware on the device.
Users are strongly advised to update their iPhones, iPads, and Macs immediately to mitigate the risks.
Apple declined to comment on the matter when contacted by TechCrunch.
Post a Comment