Apple has rolled out urgent security updates for its iOS, macOS, and tvOS platforms to address a critical zero-day vulnerability that affects millions of devices. The flaw, which is tracked as CVE-2024-23222, is a WebKit confusion issue that could allow hackers to execute arbitrary code on vulnerable devices by tricking users into visiting malicious websites.

What is WebKit, and why is it vulnerable?

WebKit is Apple’s browser engine that powers Safari, Mail, the App Store, and many other apps on iOS and macOS devices. It is responsible for rendering web pages and handling web content. However, WebKit also contains a bug that can cause memory corruption and lead to code execution when processing specially crafted web content.

According to Apple’s security advisory, the company is “aware of a report that this issue may have been actively exploited” by attackers. However, Apple did not provide any details on who discovered the flaw, who is behind the attacks, or how widespread they are.

How do you update your Apple devices and protect yourself?

Apple has fixed the zero-day flaw by improving the state and memory handling in WebKit. The fix is included in the following security updates:

• iOS 16.7.5 and iPad 16.7.5 for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and iPod touch (7th generation)
• macOS Monterey 12.7.3 for Macs running macOS Monterey
• tvOS 17.3 for Apple TV HD and Apple TV 4K

To update your iPhone or iPad, go to Settings > General > Software Update, and tap Download and Install. To update your Mac, go to System Preferences > Software Update and click Update Now. To update your Apple TV, go to Settings > System > Software Updates and select Update Software.

It is highly recommended that you install these updates as soon as possible, as the zero-day flaw poses a serious risk to your privacy and security. Hackers could use the flaw to steal your data, access your online accounts, install malware, or perform other malicious actions on your devices.

What else can you do to stay safe online?

Updating your Apple devices is not enough to ensure your online safety. You should also follow some best practices to avoid falling victim to cyberattacks, such as:

• Avoid clicking on suspicious links or opening unknown attachments in emails, messages, or social media posts
• Use strong and unique passwords for your online accounts and enable two-factor authentication whenever possible
• Use reputable antivirus software on your Mac and scan your device regularly for malware
• Use a VPN service to encrypt your internet traffic and protect your online identity
• Be careful about what you share online and who you trust with your personal information

By following these tips, you can reduce the chances of being hacked and keep your Apple devices secure.