It emerged this week that tech companies have been racing to fix the Meltdown and Spectre bugs, that could allow hackers to steal data.
Billions of PCs, smartphones and tablets around the world are affected – Apple has now confirmed its products are too.
The firm has released some patches to mitigate the Meltdown flaw.
It said there was no evidence that either vulnerability had been exploited yet, but advised downloading software only from trusted sources to avoid “malicious” apps.
Mac users have often believed that their devices and operating systems are less vulnerable to security issues than, for example Android phones or computers running Microsoft systems.
The Meltdown and Spectre flaws are found in many modern computer processing units – or microchips – made by Intel and ARM, and together the firms supply almost the entire global computer market.
“All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” Apple said in blog post on the issue.
“These issues apply to all modern processors and affect nearly all computing devices and operating systems.”
Apple said it had already released “mitigations” against Meltdown in its latest iPhones and iPad operating system update – iOS 11.2 and the macOS 10.13.2 for its MacBooks and iMacs.
Meltdown does not affect the Apple Watch, it said.
Patches against Spectre, in the form of an update to web browser Safari, will be released “in the coming days”.
Google and Microsoft have already issued statements telling users which products are affected by the bugs.
Google said its Android phones – which make up more than 80% of the global market – were protected if users had the latest security updates.
And Microsoft has already released fixes for many of its services.
Windows users should be aware that third-party anti-virus software may need to be updated before applying operating system patches.
Security researcher Kevin Beaumont is maintaining an online list of anti-virus products that have been updated.
Guidance from US cyber-security project CERT, which is funded by the federal government, originally advised computer users that in order to fully remove the vulnerability they would have to “replace” processor hardware.
It has now changed that advice to say users should “apply updates” to mitigate any attacks instead.