Apple has again released a security update to address zero-day vulnerabilities that have been used in attacks against the iPhone, iPad, and Mac.

In a security advisory posted on its site, the Cupertino-based company explains that it is aware of reports that these issues may be actively exploited by hackers. For this reason, it is important to install the latest security updates for Apple devices as soon as possible.

All three of these new zero-day problems were discovered in the open-source WebKit browser engine that powers Apple's Safari as well as Google Chrome on iOS, iPadOS, and macOS. According to BleepingComputer, the first vulnerability (tracked as CVE-2023-32409) is a sandbox escape that attackers can use to escape the sandbox of web content.

The next zero-day (tracked as CVE-2023-28204) is an out-of-bounds read flaw that attackers can exploit to access sensitive information stored on Apple devices. Meanwhile, the third zero-day (tracked as CVE-2023-28204) is a use-after-free issue, which can allow arbitrary code to be executed on a compromised device.

As Apple often does, the company has not yet released details of attacks that exploit these zero-day vulnerabilities to give customers time to update their devices.

The list of affected devices is quite extensive, as these three zero-day flaws affect both old and new Apple smartphones, tablets, computers, smartwatches, and streaming devices. Fortunately, Apple has patched these flaws in the macOS Ventura 13.4, iOS 16.5, iPadOS 16.5, tvOS 16.5, watchOS 9.4, and Safari 16.5 releases. However, the last two zero-day flaws were first fixed by the company's Rapid Security Response (RSR) patches for iOS 16.5.1 and macOS 13.3.1 released earlier this month.

Unlike malicious apps and malware, there is really not much you can do as an end user to protect yourself from attacks that exploit zero-day vulnerabilities. While the best Mac antivirus software will protect you from most cyber attacks, the same cannot be said for zero-day exploits.

The reason for this is that zero-day vulnerabilities are, by definition, discovered by an attacker before a company is aware of the vulnerability. Patches to fix zero-day vulnerabilities have not yet been created and, unfortunately, must wait for Apple and other tech companies to respond.

Still, when a patch becomes available, it is up to you to install it as soon as possible. Hackers often target users who do not have the latest security updates installed, so waiting to do so puts you at risk.

We may hear more about attacks that take advantage of these flaws.