ENTERPRISE

Apple releases update after Mac users targeted in zero-day cyberattacks

20 Nov 2024

A pair of hands are seen typing on an Apple Mac laptop against a white background. A mountain and vegetation can be seen on the desktop background.

Image: © DenPhoto/Stock.adobe.com

It is currently unknown how many Mac users have been affected or who is behind the attacks.

Apple recommended yesterday (19 November) that users download an update which patches two security bugs used in cyberattacks actively targeting users of Mac computers.

In a statement released on its official website, the tech giant said that it became aware of a reports that these bugs “may have been actively exploited on Intel-based Macs”.

To combat the bugs, Apple released a software update for the Mac Operating System (specifically, the macOS Sequoia 15.1.1), as well as fixes for iPads and iPhones.

It is understood that the bugs are considered “zero day” bugs as they were unknown to Apple at the time they were exploited.

Apple has long enjoyed a reputation for being ‘more secure’ than other operating systems, owing to features such as the hardware-reinforced Secure Enclave, in addition to development practices and operating system design choices.

However, like any system, security flaws still find their way in from time to time.

Double trouble bugs

The company explained that the bug concerning JavaScriptCore was resolved following “improved checks”, while the bug regarding WebKit was a cookie management issue rsolved via “improved state management.”

While it is not yet known who perpetrated the cyberattacks targeting Mac users or how many Mac users have been targeted, the bugs were reported by security researchers at Google’s Threat Analysis Group, which investigates government-backed hacking and cyberattacks.

Apple is no stranger when it comes to monitoring potentially harmful bugs: late last year, the business issued a security update for two zero-day flaws. It said at the time that these flaws impacted iPadOS, iOS and MacOS Sonoma systems.

And in September 2023, Apple dropped a security update which added further protection against Pegasus spyware.

Earlier this year, Jamf’s Dr Michael Covington gave his top tips for integrating Apple’s new rapid patching system into a user’s cybersecurity and device management strategy.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Ciarán Mather is a senior journalist with Silicon Republic

editorial@siliconrepublic.com