Apple advises Mac users to update their systems following the discovery that hackers have taken advantage of two software vulnerabilities.
On Tuesday, the company released two bug fixes that tackle problems in WebKit and JavaScriptCore, the technologies behind Safari and various web content. Hackers are increasingly focusing on WebKit, seeking to exploit the engine to breach devices and access sensitive information.
Initially, Apple reported that one problem arose from “processing maliciously crafted web content,” potentially allowing an attacker to execute unauthorized code on a system. Apple stated that the issue was tackled by implementing improved validation checks. A cross-site scripting attack was the focus of the second issue. Apple announced that it has fixed the vulnerability through enhancements in cookie state management.
The company acknowledged reports suggesting that these issues might have been actively exploited on Intel-based Mac systems. Apple has released a security update for the iPad and iPhone addressing the same vulnerabilities.
The identity of those responsible for the targeted attacks remains uncertain, but Google’s Threat Analysis Group, known for its expertise in identifying government-backed cyber threats, has reported the bugs.
The vulnerabilities are labeled as zero-day because they were being exploited before any fix could be released. Apple has stated that, for security reasons, it does not disclose, discuss, or confirm vulnerabilities until investigations are finished and necessary patches or updates are available.