Apple issues emergency security updates for iPhones and Macs — protect yourself now
Latest updates patch two actively exploited zero-day vulnerabilities
If you haven’t updated your iPhone, iPad or Mac recently, you’re going to want to install the latest patches right now as Apple has released emergency security updates to address two new zero-day vulnerabilities.
As reported by BleepingComputer, these new zero-days have already been exploited by hackers in their attacks. However, Cupertino hasn’t provided further details on how hackers are using them nor has it revealed which Apple users are currently being targeted.
Both of these zero-days (tracked as CVE-2023-42916 and CVE-2023-42917) were discovered in Apple’s WebKit browser engine which powers Safari and is also used in many of the company’s apps for iOS, iPadOS and macOS.
If exploited, these vulnerabilities could allow an attacker to gain access to sensitive information stored on Apple devices through an out-of-bounds read weakness or to execute arbitrary code by using malicious webpages to take advantage of a memory corruption bug.
What to do: Both security flaws have been addressed with the release of iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2. However, it’s up to you to update your Apple devices to stay safe from any potential attacks.
Impacted Apple devices
Since WebKit is used by the best iPhones, the best MacBooks and even on iPads, the list of impacted devices is quite long.
According to an advisory released by Apple alongside its latest emergency security updates, all iPhones from the iPhone XS are vulnerable along with Macs running MacOS Monterey, Ventura and Sonoma.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
This list of impacted iPads is also quite long and the iPad Pro 12.9-inch 2nd gen and later, the iPad Pro 10.5-inch, the iPad Pro 11-inch 1st gen and later, iPad Air 3rd gen and later, iPad 6th gen and later and the iPad mini 5th gen and later all need to be updated.
Just like with the recent Chrome zero-days patched yesterday, both of these new vulnerabilities were discovered and reported by Google’s Threat Analysis Group (TAG). As such, they could be used in spyware attacks or other cyberattacks targeting high-profile individuals like journalists and politicians.
Why you should regularly update your iPhone, iPad and Mac
When it comes to keeping your iPhone, iPad, Mac and other Apple devices safe from hackers, the easiest way to do so is by ensuring that you install the latest updates as soon as they become available.
I know constantly updating your devices may be annoying but the few minutes it takes to install the updates described above and others like sure beats the alternative: falling victim to hackers and potentially even having your identity stolen.
Besides doing this, you should also be using the best Mac antivirus software on your Apple computers in order to stay safe. While there isn’t an iOS equivalent to the best Android antivirus apps due to Apple’s own restrictions, both Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9 can scan either your iPhone or iPad for malware when connecting to your Mac using a USB cable.
These new emergency security updates should be available to download and install now. However, we won’t hear anything about Apple regarding any attacks exploiting these zero-days until enough of its customers have updated their devices. Even then though, Cupertino rarely sheds light on how hackers attack its iPhones and Macs in order to avoid giving other cybercriminals ideas.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.