Apple has rolled out a software update to address security flaws that have been actively exploited by cybercriminals to target Intel-based Mac systems.
In a recent security advisory, Apple confirmed awareness of two vulnerabilities that may have been exploited in attacks on Intel-powered Macs. These are categorized as "zero-day" vulnerabilities, which means they were being actively exploited before a fix was made available.
To resolve these issues, Apple released an update for macOS (version 15.1.1, also known as macOS Sequoia), as well as fixes for iPhones and iPads, including devices running the older iOS 17 version.
The vulnerabilities, which involve maliciously crafted web content, could allow attackers to execute arbitrary code on affected devices. Apple has stated it is aware that these issues may have been actively exploited on Intel-based Macs and has implemented stronger safeguards to address the problem.
The specific perpetrators behind these attacks remain unknown, as does the extent of the impact. These vulnerabilities were initially identified by Google’s Threat Analysis Group.
The issues are linked to WebKit and JavaScriptCore, which are the web engines that power Apple's Safari browser and handle web content.
Apple is urging users of iPhones, iPads, and Macs to update their devices as soon as possible to protect against these vulnerabilities.
In related news, Apple issued a warning in July regarding a potential mercenary spyware attack targeting iPhones in at least 98 countries, including India. The warning indicated that certain users might be at risk of having their devices compromised by spyware, possibly linked to groups like the NSO Group, who are known for deploying spyware like Pegasus.