Apple has released a series of security updates to patch two zero-day vulnerabilities in macOS, iOS, and iPadOS, which were reportedly being exploited in active cyberattacks targeting Mac users.

The vulnerabilities, discovered by security researchers at Google's Threat Analysis Group, affect the WebKit and JavaScriptCore components of Apple's web engines, which power the Safari browser and other web content. According to Apple, the bugs can be exploited by tricking vulnerable devices into processing malicious web content, allowing attackers to execute arbitrary code and plant malware.

The security updates, which are "recommended for all users," are available for macOS, as well as iPhones and iPads, including those running the older iOS 17 software. While Apple has not disclosed the identity of the attackers or the scope of the attacks, the involvement of Google's Threat Analysis Group suggests that a government-backed actor may be involved.

Users are urged to update their devices as soon as possible to protect themselves from potential attacks. Apple has declined to comment on the matter.