Apple reports that Mac users are targets of zero-day cyberattacks.

Apple has released security updates that are recommended for all users after identifying and fixing two vulnerabilities that were being exploited in active cyber attacks against Mac users. In an advisory published on its website, the company reported that it had detected these vulnerabilities, which “could have been actively exploited on Intel-based Mac systems.”

These flaws are labeled as "zero day" because they were unknown to Apple at the time of their exploitation. To address these issues, a software update for macOS was released, along with patches for iPhones and iPads, including for those running the previous version of iOS 17.

It is still unclear who is behind the attacks targeting Mac users, how many have been affected, or if any were successfully compromised. The security issues were revealed by researchers from Google’s Threat Analysis Group, which specializes in researching hacks and cyberattacks backed by governments, suggesting the possibility that a governmental actor is linked to these attacks. Government-backed attacks often involve the use of commercial spyware.

As for the vulnerabilities themselves, Apple indicated that they are related to WebKit and JavaScriptCore, the engines that power the Safari browser and process web content. WebKit is a common target for malicious hackers seeking vulnerabilities as a means to access device software and extract private user data. According to the security advisory, the flaws may be used to trick vulnerable Apple devices into processing malicious web content, such as a website or an email, which could lead to the execution of arbitrary code and thereby allow malware to be installed on the victim's device.

Users are advised to update their iPhones, iPads, and Macs as soon as possible. Apple did not provide additional comments when contacted.