Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Guide
Tom’s Guide
Technology
Anthony Spadafora

Apple patches zero-day bug used in cyberattacks — update your iPhone, iPad and Mac now

Tom's Guide Awards 2023 winner:

Apple has released a fix for a recently discovered zero-day bug in its latest round of Rapid Security Response (RSR) updates.

As reported by BleepingComputer, this new zero-day affects all iPhones, iPads and Macs including those that are fully up to date.

In a security advisory on its site, Apple explained that this new emergency security update patches a zero-day vulnerability (tracked as CVE-2023-37540) which was discovered by an anonymous security researcher.

If you’re the kind of person that puts off installing security updates for your devices, you might want to think twice about that, especially with this one as “Apple is aware of a report that this issue may have been actively exploited.” This means that hackers may already be exploiting this flaw in their cyberattacks and they love to prey on users that don’t apply the latest security patches when they become available.

Yet another WebKit zero-day

Just like with a similar flaw Apple patched back in February, this new zero-day was discovered in the company’s WebKit browser engine which powers Safari, Mail, the App Store and many other macOS and iOS apps.

If exploited on a compromised Apple device, this zero-day can allow an attacker to gain arbitrary code execution by tricking unsuspecting users into opening websites that contain malicious content.

As this flaw impacts iOS, iPadOS and macOS, it’s highly recommended that you install Apple’s new emergency patches as soon as they become available. They include macOS Ventura 13.4.1 (a), iOS 16.5.1 (a) and iPadOS 16.5.1 (a).

Once installed on your Apple devices, this emergency security update adds improved checks to prevent hackers from exploiting the zero-day flaw in question.

How to keep your iPhone, iPad and Mac safe from hackers

(Image credit: robert coolen/Shutterstock)

When it comes to keeping your Apple devices safe from cyberattacks, the first and most important thing you can do is to keep them updated and running the latest software. As I mentioned before, hackers often target vulnerable devices that haven’t been updated yet and by waiting to install the updates Apple releases, you’re putting both yourself and your devices at risk.

Although Macs come with built-in antivirus software in the form of XProtect, you can also use the best Mac antivirus software alongside it for additional protection. As for protecting your iPhone and iPad from malware, unfortunately there’s no Apple equivalent of the best Android antivirus apps. However, both Intego Mac Premium Bundle X9 and Intego Mac Internet Security X9 can scan an iPhone or iPad for malware when they’re connected to a Mac via a USB cable. 

Since this is the tenth zero-day flaw patched by Apple so far this year, we’ll likely see other similar vulnerabilities get the same emergency security update treatment. This means that you want to stay vigilant, check for security updates frequently and install them as soon as they become available to stay safe.

More from Tom's Guide

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.