Cupertino, California - Apple has released new security updates for its devices, saying they fix two zero-day vulnerabilities which "may have been actively exploited."

One of the bugs affected Apple's WebKit software which is used to display content in browsers.

If the security gap is exploited, that "may lead to arbitrary code execution," the company said.

"Simply put, a cybercriminal could implant malware on your device even if all you did was to view an otherwise innocent web page," IT security firm Sophos wrote in a Thursday blog post.

The security gap predominately affected iPhones and iPads as all browsers used on Apple's mobile devices are based on WebKit, while the software is only used for the Safari browser on Mac computers.

Apple also fixed a bug affecting the OS' kernel, basically the central core of the operating system that controls everything. According to Sophos, this vulnerability allowed an attacker who had already gained access to your device to start taking control, including spying on running apps and changing security settings.

Both issues are major security flaws that are often deliberately exploited by intelligence or spyware developers. Last year, alleged spying on the mobile phones of high-profile individuals using the Israeli NSO Group's Pegasus surveillance software caused an international stir.

The software also exploited security vulnerabilities on Apple devices.

It's not clear how Apple found the two latest bugs, only crediting "an anonymous researcher." Like other companies, the US firm hands out rewards to those who detect security vulnerabilities.

If you haven't already, make sure to update your Apple device as soon as possible – it won't notify you to install the new security updates.

For iPhones and iPads, you will need the updated operating system version iOS/iPad OS 15.6.1, and macOS Monterey 12.5.1 for Apple's computers.