Apple has released emergency security updates to secure its devices against a zero-day flaw that has been exploited to hack iPhones, iPads, and Macs, Bleeping Computer reports.

The vulnerability — tracked as CVE-2023-23529 — relates to a Webkit confusion issue through which attackers can cause operating system (OS) crashes and gain code execution on affected devices.

Threat actors can execute arbitrary code on vulnerable iOS, iPadOS, and macOS devices after users visit a malicious website. It also impacts Safari 16.3.1 on macOS Big Sur and Monterey.

“Processing maliciously crafted web content may lead to arbitrary code execution,” Apple said in a post about the security update.

“Apple is aware of a report that this issue may have been actively exploited.”

Apple has addressed the vulnerability by implementing improved checks in iOS 16.3.1, iPadOS 16.3.1, and macOS Ventura 13.2.1.

Vulnerable devices are listed below:

iPhone 8 and later

All iPad Pro models, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Macs running macOS Ventura

While Apple has acknowledged that the vulnerability may have been actively exploited, it didn’t provide further information on these attacks.

Restricting access to the information is likely to allow as many users as possible to update their devices without more malicious actors getting wind of the flaw.