Apple urges iPhone, iPad, and Mac users to install fixes for two zero-days under attack

March 22, 2026

Apple has released emergency security updates for iPhone, iPad, and Mac devices to patch two zero-day vulnerabilities that the company said were actively exploited in the wild. The flaws affect the kernel in iOS and iPadOS and WebKit in macOS, giving attackers paths to execute code and potentially take control of targeted devices.

According to Apple’s security advisories, the kernel issue could allow an app to execute arbitrary code with elevated privileges, a serious risk because kernel-level access can help attackers bypass core operating system protections. The WebKit flaw, meanwhile, could be triggered by maliciously crafted web content, exposing Mac users to compromise simply by visiting a booby-trapped page in Safari or another app that relies on WebKit.

Apple did not publicly disclose full technical details, a standard practice when fixes are first released and exploitation is ongoing. But the company’s warning that it is aware of reports of active abuse makes the updates a high-priority install for both consumers and enterprise users managing Apple fleets.

The practical risk is straightforward: unpatched devices may be vulnerable to exploit chains that combine browser and privilege-escalation bugs to break out of app restrictions, gain deeper system access, and potentially deploy spyware or steal sensitive data. That is especially relevant for journalists, activists, government staff, executives, and businesses with large numbers of managed Apple devices.

Users should update iPhones and iPads through Settings > General > Software Update, and Mac users should install the latest macOS security update as soon as possible. Organizations should also verify patch compliance through MDM tools and review devices that may have been exposed to suspicious links or untrusted web content. For users who often connect through public networks, using a VPN can reduce some exposure to hostile traffic, but it does not replace patching.

The incident is another reminder that Apple devices remain active targets for sophisticated attackers, particularly when browser engines and kernel components are involved.
