Jobs’ Mob released security updates that it says are “recommended for all users” after fixing a pair of security bugs used in active cyberattacks targeting Mac users.

In a security advisory on its website, Apple said it was aware of two vulnerabilities that “may have been actively exploited on Intel-based Mac systems.” The bugs are considered “zero-day” vulnerabilities because they were unknown to Apple when they were exploited.

To fix the bugs, Apple released a software update for macOS and fixes for iPhones and iPads, including users running the older iOS 17 software.

Apple does not say who is targeting Mac users, how many have been targeted, or how many have had their Coldplay collections stolen.

Job’s Mob were blissfully unaware of the problem and had to be told by security researchers at Google’s Threat Analysis Group.

Apple said the vulnerabilities relate to WebKit and JavaScriptCore, the web engines that power the Safari browser and run web content. Malicious hackers frequently target WebKit for vulnerabilities, which they use to break into the device’s software and tap into the user’s private data.

The security advisory says the bugs can be exploited by tricking vulnerable Apple devices into processing maliciously crafted web content, such as a website or email, to trigger arbitrary code execution. This can allow malware to be planted on a target’s device. Users should update their iPhones, iPads, and Macs immediately.