• Apple has issued a software update to address 'actively exploited' bugs in Intel-based Mac systems.
• The vulnerabilities were reported by Google's Threat Analysis Group and are related to WebKit and JavaScriptCore.
• The identity of the attackers and the number of affected users remain unknown, but Apple advises users to update their devices.
• This incident highlights the growing threat of cyber-attacks and the importance of regular software updates for device security.

In a recent development, Apple, the tech behemoth, has issued a software update to address bugs that were being 'actively exploited' by cybercriminals targeting Intel-based Mac systems. The company has identified two vulnerabilities that may have been exploited on these systems. These bugs are classified as zero-day vulnerabilities, meaning they were unknown to Apple at the time of exploitation.

To rectify these vulnerabilities, Apple has released a software update for macOS, named macOS Sequoia 15.1.1, along with fixes for iPhones and iPads, including those running the older iOS 17 software. The vulnerabilities were reported by security researchers at Google 's Threat Analysis Group. They are related to WebKit and JavaScriptCore, the web engines that power the Safari browser and run web content.

Apple has addressed the issue with improved checks. However, the identity of the attackers targeting Mac users and the number of users affected remains unclear. The company has advised its users to update their iPhones, iPads, and Macs as soon as possible to ensure their devices' security.

Apple's Response to the Threat

The company stated, "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems." This statement underscores the severity of the threat and the potential damage it could cause if not addressed promptly.

This is not the first time Apple has had to deal with such threats. In July, the company issued a warning to iPhone users in at least 98 countries, including India, about a potential new mercenary spyware attack similar to 'Pegasus'. The warning stated that the company detected that "you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID ". The warning further stated that this attack is "likely targeting you specifically because of who you are or what you do".

In April, Apple sent threat notifications to select users in 92 countries, including some in India, who may have been targeted using 'mercenary spyware' like Pegasus from the NSO Group. These incidents highlight the growing threat of cyber-attacks and the need for constant vigilance and timely updates to ensure the security of devices and user data.

The Growing Threat of Cyber Attacks

The vulnerabilities could potentially lead to severe consequences, such as sensitive information leaks, arbitrary code execution, security bypasses, denial of service (DoS) attacks, and spoofing attacks. These attacks can compromise the security of the device and the privacy of the user, leading to potential misuse of personal and financial information.

In response to these threats, Apple has taken significant steps to combat the spyware industry, which has the capability to infiltrate devices without any action from the victim. The company has also recommended users to download apps only from the App Store, use a different password for each online account, and avoid clicking on links or attachments from unknown sources.

Apple's efforts to combat these threats reflect the evolving nature of cyber threats, where private entities, often referred to as mercenaries, are increasingly involved in sophisticated cyber espionage activities. These mercenary groups operate independently or are hired by various actors, including governments, to carry out targeted attacks.