Apple patches zero-day bug used in cyberattacks — update your iPhone, iPad and Mac now


Update: Apple has now confirmed in a support document that yesterday's emergency security updates are causing some websites to not display properly. As a result, the company is planning to release new updates soon to address this issue.

Apple has released a fix for a recently discovered zero-day bug in its latest round of Rapid Security Response (RSR) updates.

As reported by BleepingComputer, this new zero-day affects all iPhones, iPads and Macs including those that are fully up to date.

In a security advisory on its site, Apple explained that this new emergency security update patches a zero-day vulnerability (tracked as CVE-2023-37540) which was discovered by an anonymous security researcher.

If you’re the kind of person who puts off installing security updates for your devices, you might want to think twice about that, especially with this one, as “Apple is aware of a report that this issue may have been actively exploited.” This means that hackers may already be exploiting this flaw in their cyberattacks, and they love to prey on users who don’t apply the latest security patches when they become available.

Yet another WebKit zero-day

Just like with a similar flaw Apple patched back in February, this new zero-day was discovered in the company’s WebKit browser engine which powers Safari, Mail, the App Store and many other macOS and iOS apps.

If exploited on an unpatched Apple device, this zero-day can allow an attacker to gain arbitrary code execution by tricking unsuspecting users into opening websites that contain malicious content.

As this flaw impacts iOS, iPadOS and macOS, it’s highly recommended that you install Apple’s new emergency patches as soon as they become available. They include macOS Ventura 13.4.1 (a), iOS 16.5.1 (a) and iPadOS 16.5.1 (a).

Once installed on your Apple devices, this emergency security update adds improved checks to prevent hackers from exploiting the zero-day flaw in question.

How to keep your iPhone, iPad and Mac safe from hackers


When it comes to keeping your Apple devices safe from cyberattacks, the first and most important thing you can do is to keep them updated and running the latest software. As I mentioned before, hackers often target vulnerable devices that haven’t been updated yet and by waiting to install the updates Apple releases, you’re putting both yourself and your devices at risk.

Although Macs come with built-in antivirus software in the form of XProtect, you can also use the best Mac antivirus software alongside it for additional protection. As for protecting your iPhone and iPad from malware, unfortunately there’s no Apple equivalent of the best Android antivirus apps. However, both Intego Mac Premium Bundle X9 and Intego Mac Internet Security X9 can scan an iPhone or iPad for malware when they’re connected to a Mac via a USB cable. 

Since this is the tenth zero-day flaw patched by Apple so far this year, we’ll likely see other similar vulnerabilities get the same emergency security update treatment. This means that you want to stay vigilant, check for security updates frequently and install them as soon as they become available to stay safe.


Anthony Spadafora
Senior Editor Security and Networking
