The two serious security flaws could be used to take over an Apple iPhone after a simple visit to the wrong website.

And the problem comes just weeks before Apple releases new software and is due to unveil the latest version of its iPhone.

This is what you need to know about the Apple malware, and what you need to do today.

WHAT ARE THE SECURITY FLAWS?

Apple’s new security holes are some of the most serious to date, called “zero-day vulnerabilities” as they were previously unknown to the company and unpatched by software.

Sophos principal research scientist Paul Ducklin said the flaws were a remote code execution hole in Apple’s WebKit and a kernel code execution hole.

One can act like a “booby-trapped web page” while the other can piggyback on it to take over not just one app but the entire operating system of a phone.

“Simply put, a cybercriminal could implant malware on your device even if all you did was to view an otherwise innocent web page,” Mr Ducklin said.

Once accessing the phone, a malicious actor could use these vulnerabilities to access all apps and data stored on it, change security settings, track internet browsing or messages, and activate the device’s camera or microphone to spy on the user.

HAS IT ALREADY BEEN USED?

Worryingly, the Cupertino tech giant said it was “aware of a report that this issue may have been actively exploited”.

There was evidence both of the flaws had been used, Apple said, citing an anonymous security researcher.

Security experts have previously warned that iPhones had been spied on remotely, most notably by commercial spyware companies including Israel’s NSO Group and QuaDream.

The group as found to be accessing iPhones using Pegasus software that targeted Apple devices using iMessages.

SocialProof Security chief executive Rachel Tobac said “people who are in the public eye” should be particularly concerned about its use.

WHAT DEVICES DOES IT IMPACT?

While iPhones are the subject of Apple’s latest update, the security flaws also impact Apple iPads and Mac computers.

Anyone using an iPhone 6s or later, using a Mac running MacOS Monterey, or any model of iPad Pro, iPad Air 2 and later, iPad 5th generation or later, iPad Mini 4 and later, or iPad Touch could be hit by these security flaws.

WHAT DO I NEED TO DO?

Apple users are advised to update the software on their devices as soon as possible.

It’s recommended they backup their machines first and then, in the case of iPads, iPhones and iPods, visit Settings > General > Software Update and download the latest software.

Mac users should be prompted to update their software but can also manually update it by visiting Systems Preferences > Software Update.

The timely software updates come just weeks before Apple is expected to launch a new version of its iOS software, which is currently available in beta, and before the company launches new iPhones and iPads, rumoured to arrive at a September 7 event.