Apple tells users to update software as soon as possible to fix security issues

Update fixes vulnerabilities in Mac systems that may have been ‘actively exploited’

Vishwam Sankaran
Sunday 24 November 2024 06:45 EST
Comments
Related: Apple hit with $3.8bn legal claim for allegedly breaking UK competition law with iCloud service

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Apple has released a new software update with “important security fixes” for iPhones, iPads and Macs “recommended for all users” to protect devices from cyberattacks.

The tech giant noted in an advisory on its website that the security bugs, considered “zero day” vulnerabilities, “may have been actively exploited on Intel-based Mac systems”.

These software bugs were unknown to Apple at the time they were exploited, the company said.

The fixes are available across a variety of Apple’s platforms with new updates including iOS 18.1.1, iPadOS 18.1.1, and macOS Sequoia 15.1.1.

It is not yet clear who was behind the attacks targeting Mac users, but a report by Google’s Threat Analysis Group suggests a government-backed entity may be involved.

Apple's 2024 Surprise!

The software bugs were found to be related to web engines WebKit and JavaScriptCore powering Apple’s Safari browser for running web content.

“Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems,” the company said.

“This update provides important security fixes and is recommended for all users.”

Such bugs may create an opportunity for hackers to take control of devices when they encounter malicious content on the web.

“Processing maliciously crafted web content may lead to arbitrary code execution,” the tech giant warned.

These kinds of vulnerabilities have been known to be used for breaking into core computer software to enable access to private user data.

This method has been used previously by government-backed hackers to plant commercial spyware on target devices and steal or upload information.

Earlier this year, the tech giant cautioned iPhone users in nearly 100 countries, including India, about a potential new mercenary spyware attack similar to Pegasus.

Apple released the new update fixing the software vulnerabilities for macOS, iPhones, and iPads, as well as for users running older iOS17.

“The issue was addressed with improved checks,” the company said.

The latest software update could also be the last one before iOS 18.2 arrives in December, which may bring in a second wave of Apple Intelligence features.

Apple did not immediately respond to The Independent’s request for comment on Wednesday.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in