Apple released updates for iOS, iPadOS, and macOS today to address two zero-day security vulnerabilities that have been actively exploited. The company acknowledged that the bugs may have been used against versions of iOS prior to iOS 16.7.1, and has now made software updates available for the iPhone, iPad, and Mac.
The exploits were discovered and reported by researcher Clément Lecigne of Google’s Threat Analysis Group. These types of zero-day bugs are often targeted at high-risk individuals such as politicians, journalists, and dissidents. Apple did not provide details about the specific nature of any attacks using these vulnerabilities.
Both security flaws affected WebKit, the open-source browser framework powering Safari. The first bug could potentially lead to the disclosure of sensitive information, while the second could result in arbitrary code execution.
The security patches apply to a range of Apple devices, including iPhone XS and later, various models of iPad Pro, iPad Air, iPad, and iPad mini. While the likelihood of devices being affected by these vulnerabilities is low, it is still advisable to update Apple devices promptly. Users can update their iPhone or iPad by navigating to Settings > General > Software Update, while Mac users should go to System Settings > General > Software Update. The fixes are included in iOS 17.1.2, iPadOS 17.1.2, and macOS Sonoma 14.1.2.