Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Guide
Tom’s Guide
Technology
Anthony Spadafora

Apple fixes urgent zero-day flaw — update your iPhone and Mac right now

Apple iPhone 15 Plus review.

After Google patched its first zero-day flaw this year, Apple has now released security updates to address a serious  vulnerability that impacts iPhones, Macs and even Apple TVs.

As reported by BleepingComputer, Cupertino’s first zero-day flaw of 2024 (tracked as CVE-2024-23222) is a WebKit confusion issue that can be exploited by hackers to execute arbitrary code on impacted Apple devices. This can only occur once an attacker tricks unsuspecting iPhone or Mac users into opening a malicious site on their devices though.

In a security notice on its site, Apple explains that it is “aware of a report that this issue may have been exploited” by attackers. Surprisingly though, the company has not attributed the discovery of this new zero-day to a particular security researcher yet.

Fortunately, Apple has fixed this flaw with improved checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, macOS Monterey 12.7.3 and higher and in tvOS 17.3 and higher. If you own one of the impacted devices, you need to install these new security updates as soon as possible to avoid falling victim to any attacks exploiting this vulnerability.

Impacted Apple devices

(Image credit: Tom's Guide)

As WebKit is Apple’s own browser engine that powers Safari, Mail, the App Store and many other macOS and iOS apps, the list of devices impacted by this zero-day is quite extensive.

For instance, the best iPhones from the iPhone XS on are vulnerable as is the iPad Pro 12.9-inch 2nd generation and later, the iPad Pro 10.5 inch, the iPad Pro 11-inch 1st generation and later, the iPad Air 3rd generation and later, the iPad 6th generation and later and the iPad mini 5th generation and later. When it comes to the best MacBooks and other Apple computers, Macs running macOS Monterey and later are impacted too as are all Apple TV HD and Apple TV 4K models.

Just like with previous Apple zero-days, this one will likely only be used in targeted attacks against high-profile individuals like politicians, journalists and business owners. Still though, vulnerabilities like this one could be used against ordinary people which is why you should update your Apple devices as soon as possible.

How to keep your iPhone and Mac safe from hackers

(Image credit: robert coolen/Shutterstock)

When it comes to keeping your Apple devices protected, the first and most important thing you can do is to install new updates when they become available. Besides exciting new features like Stolen Device Protection, these updates also contain important security fixes.

While Macs ship with Apple’s own antivirus software in the form of XProtect, you should also consider using the best Mac antivirus software alongside it for additional protection. As for your iPhone, there’s no equivalent to the best Android antivirus apps for iOS due to the company’s own restrictions on malware scanning. However, both Intego Mac Premium Bundle X9 and Intego Mac Internet Security X9 can scan an iPhone or iPad for malware when they’re connected to a Mac via a USB cable. 

Given that Apple is open to working with security researchers from all sorts of different companies (Google included) to find flaws in its products, this likely won’t be the last zero-day vulnerability we see the company patch this year. In fact, last year, Apple patched a total of 20 zero-day flaws.

More from Tom's Guide

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.