SINGAPORE: Apple users are advised to update their devices to the latest versions immediately after hackers were found actively exploiting two zero-day vulnerabilities, the Singapore Cyber Emergency Response Team (SingCERT) said on Friday (Dec 1).
Apple has released security updates to address the two vulnerabilities that affect certain products, SingCERT said in an update on its website.
This is the 20th zero-day vulnerability used in attacks against iPhones, iPads and Macs since the start of the year, according to information security and technology news publication Bleeping Computer.
“Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information via an out-of-bounds read weakness, or execute arbitrary code via maliciously crafted webpages,” said SingCERT.
It advised users to patch the following products to their latest versions immediately:
- iPhone XS and later
- iPad Pro 12.9-inch 2nd generation and later,
- iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 6th generation and later
- iPad mini 5th generation and later
- Macs running macOS Monterey, Ventura, Sonoma
Users are also encouraged to enable automatic software updates under the settings function in their devices.