Apple is recommending Mac users update their systems after revealing that hackers exploited two vulnerabilities in its software.
The company issued two bug fixes on Tuesday addressing issues in WebKit and JavaScriptCore, which power Safari and other web content. WebKit, in particular, is a major target for hackers aiming to exploit the engine to infiltrate devices and gain access to private data.
In the first instance, Apple said one issue stemmed from “processing maliciously crafted web content,” which can lead to an attacker running unauthorized code on a system. The problem was addressed through enhanced validation checks, according to Apple. The second issue involved a cross-site scripting attack. Apple said it resolved the vulnerability by improving cookie state management.
See also: Best MacBook for 2024
The company noted that it is aware of reports indicating these issues may have been actively exploited on Intel-based Mac systems. Apple also rolled out a security update for the iPad and iPhone related to the same vulnerabilities.
It’s unclear at this time who was behind the targeted attacks, but the bugs were reported by Google’s Threat Analysis Group, which specializes in uncovering government-backed cyberattacks.
Apple did not immediately respond to a request for comment.
The bugs are classified as zero-day vulnerabilities because they were actively exploited before a patch was available. For security reasons, Apple said it refrains from disclosing, discussing or confirming vulnerabilities until after an investigation is complete and patches or updates have been released.