Apple is rolling out some urgent iPhone and Mac security patches, so update now

A zero-day is afoot and targeting iPhone, iPad and Mac device, so patch now

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Applehas released several newsecurity updatescovering many of its devices, including iPhone, iPad and Mac, to fix various issues including a zero-day that has already been exploited.

The vulnerability affects the kernel, which controls the hardware of the device, and can allow bad apps to change its state. It is being tracked as CVE-2023-38606.

The zero day is the third vulnerability in Apple devices as part of operation triangulation, a cyberespionage campaign targeting iOS devices since 2019 which require no user clicks to become active.

Operation Triangulation

Researchers at Kaspersky are said to have discovered the operation and reported this latest flaw. It affects older version of iOS, with Apple stating that it, “is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.”

Apple’s fix entailed improving the state management of the device.

Apple unveils Lockdown Mode and takes iPhone security to the next level>Apple says these are the best security keys around now>Apple deploys its new Rapid Security Response tool for the first time

Kaspersky lead researcher Boris Larin claims that this flaw is used to deploy the Triangulation spyware via an exploit in iMessage.

The new security updates are available for iOS, iPadOS, macOS (Big Sur, Monterey, and Ventura), tvOS, watchOS devices, as well as theSafaribrowser.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Since the start of the year, Apple has patched a total of 11 zero days that have been exploited by attackers, affecting Macs, iPads and iPhones. It also recently released a fix for its WebKit where a vulnerability could have lead to arbitrary code execution.

At the end of last year, the company also released its newRapid Security Responsefeature, designed to get patches out to customers quicker, and used it for the first time in May this year to patch Macs, iPads and iPhones.

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

7 myths about email security everyone should stop believing

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set