Urgent Apple zero-day flaws hit iPhones and Macs — update right now

 iPhone 14 Pro Max
iPhone 14 Pro Max

Apple has once again released emergency security updates to fix zero-day vulnerabilities in its iPhones and Macs.

As reported by BleepingComputer, two new zero-day vulnerabilities which affect the best iPhones, iPads and Macs have been discovered and now patched by Apple.

These new zero-day vulnerabilities were found in the Image I/O and Wallet frameworks and while one was discovered by Apple, security researchers at Citizen Lab found the other.

If you have a vulnerable iPhone, iPad or Mac, you’re going to want to install the corresponding security updates as soon as possible as these two bugs are already being used by hackers in their attacks.

Actively exploited iPhone, iPad and Mac zero-days

The first zero-day (tracked as CVE-2023-41064) is a buffer overflow weakness in macOS Ventura that can be triggered when the operating system processes maliciously crafted images. When this happens, arbitrary code can be executed on unpatched devices.

The second zero-day (tracked as CVE-2023-41061) is a validation issue that affects iPhones as well as the best iPads. This security flaw can be exploited by hackers through malicious attachments to execute arbitrary code on Apple’s smartphones and tablets.

Fortunately for iPhone, iPad and Mac users, Apple patched these zero-days with the release of iOS 16.6.1, iPadOS 16.6.1 and macOS Ventura 13.5.2 by adding improved logic and memory handling. However, you will still need to install the company’s latest round of emergency security updates to fix them on your devices.

As these two zero-days impact both older and newer iPhones, iPads and Macs, the list of affected devices is quite long and it includes iPhone 8 and later, all models of the iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, Macs running macOS Ventura and even the Apple Watch Series 4 and later.

How to keep your Apple devices safe from hackers

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.
A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

In order to keep your iPhone, iPad and Mac protected from cyberattacks, it’s extremely important that you keep all of your devices up to date and running the latest software. Besides new features, Apple’s incremental iOS, iPadOS and macOS updates often include security patches to address the zero-day vulnerabilities described above and other security flaws.

Also, you want to be using the best Mac antivirus software on your Mac as just like with Windows PCs, they can also fall victim to malware and other viruses. In fact, we’ve seen a surge in Mac malware in recent years and this trend isn’t likely going to slow down anytime soon.

As for keeping your iPhone or iPad safe, Apple’s own malware scanning restrictions are the reason there isn’t an iOS equivalent of the best Android antivirus apps. There is a workaround for this though, as Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9 can both scan an iPhone or iPad for malware when they’re plugged into a Mac using a USB cable.

So far this year, Apple has fixed a total of 13 zero-day vulnerabilities that were actively exploited by hackers in their attacks. As there aren’t patch gaps like on Android though, iPhone, iPad and Mac users can easily download and install these fixes in a timely manner in order to stay safe from hackers.

More from Tom's Guide