Apple has confirmed zero-day vulnerabilities were bring actively exploited on Intel-based macOS systems. The company has since released security updates for iOS, iPadOS, macOS, visionOS and its Safari web browser. 

Google’s Threat Analysis Group (TAG) reported the flaws. 

CVE-2024-44308 was a vulnerability in the JavaScriptCore which could lead to arbitrary code execution while processing malicious web content. The second one, CVE-2024-44309 was a vulnerability in the cookie management system in WebKit that could lead to a cross-site scripting (XSS) attack while processing malicious web content. 

The company asked users to update their devices across a range of macs, iPhones and iPads as soon as possible. 

Apple has had to address four zero-day vulnerabilities this year earlier in January and March.