Apple released security updates for iOS and macOS addressing two zero-day vulnerabilities currently exploited in active attacks. A kernel flaw and a WebKit vulnerability allow attackers to execute arbitrary code and gain complete device control. Both flaws affect iPhone and Mac users. Apple has not disclosed the specific CVE identifiers or threat actors behind the exploitation campaign. Users should apply patches immediately, as exploitation occurs in the wild. The kernel vulnerability exposes a memory safety defect. The WebKit flaw presents a separate attack vector through web content processing. Defenders should prioritize patching across their installed base, particularly for user-facing devices. Organizations should monitor for indicators of compromise related to these attack chains. Apple's advisory provides guidance on verifying patch application. No ransomware or data exfiltration has been reported as part of these attack chains at this time.