Image: Apple

Apple released software updates for iOS, iPadOS, and macOS today to fix two critical security vulnerabilities. The company said the bugs were being exploited in the wild. “Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” the company said about both flaws in its security reports. The updates are available for the iPhone, iPad, and Mac.

Google’s Threat Analysis Group (TAG) researcher Clément Lecigne discovered and reported both exploits. Bleeping Computer reported that Google TAG often finds and reveals zero-day bugs targeting high-risk people, such as politicians, journalists, and dissidents. Apple did not share any details about the attacks using the flaws.

The two security flaws affected WebKit, Apple’s open-source browser engine for Safari. Apple said the first bug could “disclose sensitive information” by processing web content. The second bug could “lead to arbitrary code execution” by doing the same.

The security patches apply to the “iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.”

The chances your devices were affected by either of these are very low, so there’s no need to worry — but, to be safe, you should update your Apple devices now. You can update your iPhone or iPad by going to Settings > General > Software Update and tapping the prompt. On Mac, go to System Settings > General > Software Update and do the same. Apple’s fixes came out today in iOS 17.1.2, iPadOS 17.1.2, and macOS Sonoma 14.1.2.

Source: 1 + 2