Apple has rolled out updates for its operating systems, which come with security fixes for vulnerabilities that may have already been used to target its customers. The updates are now available for Macs, iPhones, iPads, the Vision Pro and the Safari browser. In its notes, Apple revealed that the security patches will fix bugs affecting WebKit, the rendering engine Safari uses, and JavaScriptCore, which runs JavaScript code on macOS and iOS devices.
If JavaScriptCore is fooled into processing “maliciously crafted web content,” it could execute arbitrary codes, Apple explained. Meanwhile, WebKit could be exploited for cross site scripting attacks if it gets tricked into running malicious content. The company said it’s aware of a report that the vulnerabilities could’ve been actively exploited on Intel-based Mac systems. According to TechCrunch, the bugs are zero-day vulnerabilities, as Apple had no knowledge of their existence when they were exploited. Researchers from Google’s Threat Analysis Group were reportedly the ones who discovered the vulnerabilities. The group is known for detecting and analyzing government-backed hacking and attacks.
Apple didn’t say how many devices had been attacked using exploits taking advantage of the bugs, and it didn’t say if any information was stolen from the targets. Mac, iPad and iPhones users may want to check their devices for the latest updates, though, so they can install the security fixes as soon as possible.