Apple has once again released emergency security updates to fix zero-day vulnerabilities in its iPhones and Macs.
These new zero-day vulnerabilities were found in the Image I/O and Wallet frameworks and while one was discovered by Apple, security researchers at Citizen Lab found the other.
If you have a vulnerable iPhone, iPad or Mac, you’re going to want to install the corresponding security updates as soon as possible as these two bugs are already being used by hackers in their attacks.
Actively exploited iPhone, iPad and Mac zero-days
The first zero-day (tracked as CVE-2023-41064) is a buffer overflow weakness in macOS Ventura that can be triggered when the operating system processes maliciously crafted images. When this happens, arbitrary code can be executed on unpatched devices.
The second zero-day (tracked as CVE-2023-41061) is a validation issue that affects iPhones as well as the best iPads. This security flaw can be exploited by hackers through malicious attachments to execute arbitrary code on Apple’s smartphones and tablets.
Fortunately for iPhone, iPad and Mac users, Apple patched these zero-days with the release of iOS 16.6.1, iPadOS 16.6.1 and macOS Ventura 13.5.2 by adding improved logic and memory handling. However, you will still need to install the company’s latest round of emergency security updates to fix them on your devices.
As these two zero-days impact both older and newer iPhones, iPads and Macs, the list of affected devices is quite long and it includes iPhone 8 and later, all models of the iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, Macs running macOS Ventura and even the Apple Watch Series 4 and later.
How to keep your Apple devices safe from hackers
In order to keep your iPhone, iPad and Mac protected from cyberattacks, it’s extremely important that you keep all of your devices up to date and running the latest software. Besides new features, Apple’s incremental iOS, iPadOS and macOS updates often include security patches to address the zero-day vulnerabilities described above and other security flaws.
Also, you want to be using the best Mac antivirus software on your Mac as just like with Windows PCs, they can also fall victim to malware and other viruses. In fact, we’ve seen a surge in Mac malware in recent years and this trend isn’t likely going to slow down anytime soon.
As for keeping your iPhone or iPad safe, Apple’s own malware scanning restrictions are the reason there isn’t an iOS equivalent of the best Android antivirus apps. There is a workaround for this though, as Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9 can both scan an iPhone or iPad for malware when they’re plugged into a Mac using a USB cable.
So far this year, Apple has fixed a total of 13 zero-day vulnerabilities that were actively exploited by hackers in their attacks. As there aren’t patch gaps like on Android though, iPhone, iPad and Mac users can easily download and install these fixes in a timely manner in order to stay safe from hackers.
More from Tom's Guide
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.