SINGAPORE – Apple users have been advised to install the latest security updates for their devices to address two separate vulnerabilities that allow hackers to execute malicious commands.

Devices affected are the iPhone 8 and later models, all iPad Pro models, the iPad Air (third generation and later), iPad and iPad mini (fifth generation and later), and Macs running macOS Ventura.

The Singapore Computer Emergency Response Team (SingCert), in a report on Saturday, urged users of these products to install the latest security updates issued last Friday by Apple immediately.

The first vulnerability involves the WebKit browser engine that powers Apple apps, including Web browser Safari, Mail and the App Store. It allows hackers to insert code on a device when the user browses malicious Web content, to insert malware or spyware, or execute malicious operating system commands.

Meanwhile, hackers could use malicious apps to exploit the second vulnerability, to execute code or commands without the owner’s knowledge, while also having the greatest degree of control over a particular device.

In its patch notes, Apple acknowledged that the two vulnerabilities were reportedly being actively exploited, but it did not disclose any further details regarding the attacks.

These two take the tally of zero-day vulnerabilities – security weaknesses that could be exploited by attackers before the software provider is aware of their existence – that the tech giant has faced in 2023 to three.

In February, Apple patched its first zero-day vulnerability of the year.

SingCert recommended that Apple users enable automatic software updates on their devices by going to: Settings > General > Software Updates > Enable Automatic Updates.