Apple urgently closed two zero-day vulnerabilities in macOS, iOS and iPadOS

Apple has released emergency security updates for macOS, iOS and iPadOS, eliminating two critical zero-day vulnerabilities that were actively exploited by hackers. Security concerns surround WebKit and JavaScriptCore, key components designed to handle web content. Users are strongly advised to update the operating systems of their devices.

Image source: Garin Chadwick / Unsplash

These were discovered by specialists from the Google Threat Analysis Group, a team of researchers that analyzes cyber attacks. It is not yet known how many Apple users have been affected by the attackers. Experts suggest that the vulnerabilities could be part of a large-scale cyber espionage campaign.

Apple has released updates for macOS, iOS and iPadOS, including devices running older versions of iOS 17, allowing it to reach as many Apple users as possible and reduce the risk of hacker attacks. The company said the vulnerabilities affect WebKit and JavaScriptCore, engines that play a key role in the Safari browser and web content processing. These components, especially WebKit, are regularly targeted by hackers, as their compromise gives attackers access to the victim’s device and personal data.

Apple’s official security advisory states that the vulnerabilities could be exploited to execute malicious code. This is possible if attackers force the device to process specially crafted web content, such as a website or email. An attack like this could result in malware being installed on the device.