Apple has again released a security update to address zero-day vulnerabilities that have been used in attacks against the iPhone, iPad, and Mac

In a security advisory posted on its site, the Cupertino-based company explains that it is aware of reports that these issues may be actively exploited by hackers For this reason, it is important to install the latest security updates for Apple devices as soon as possible

All three of these new zero-day problems were discovered in the open-source WebKit browser engine that powers Apple's Safari as well as Google Chrome on iOS, iPadOS, and macOS According to BleepingComputer, the first vulnerability (tracked as CVE-2023-32409) is a sandbox escape that attackers can use to escape the sandbox of web content

The next zero-day (tracked as CVE-2023-28204) is an out-of-bounds read flaw that attackers can exploit to access sensitive information stored on Apple devices Meanwhile, the third zero-day (tracked as CVE-2023-28204) is a use-after-free issue, which can allow arbitrary code to be executed on a compromised device

As Apple often does, the company has not yet released details of attacks that exploit these zero-day vulnerabilities to give customers time to update their devices

The list of affected devices is quite extensive, as these three zero-day flaws affect both old and new Apple smartphones, tablets, computers, smartwatches, and streaming devices Fortunately, Apple has patched these flaws in the macOS Ventura 134, iOS 165, iPadOS 165, tvOS 165, watchOS 94, and Safari 165 releases However, the last two zero-day flaws were first fixed by the company's Rapid Security Response (RSR) patches for iOS 1651 and macOS 1331 released earlier this month

Unlike malicious apps and malware, there is really not much you can do as an end user to protect yourself from attacks that exploit zero-day vulnerabilities While the best Mac antivirus software will protect you from most cyber attacks, the same cannot be said for zero-day exploits

The reason for this is that zero-day vulnerabilities are, by definition, discovered by an attacker before a company is aware of the vulnerability Patches to fix zero-day vulnerabilities have not yet been created and, unfortunately, must wait for Apple and other tech companies to respond

Still, when a patch becomes available, it is up to you to install it as soon as possible Hackers often target users who do not have the latest security updates installed, so waiting to do so puts you at risk

We may hear more about attacks that take advantage of these flaws