Two actively used zero-day attacks affecting Apple products have been identified by a government-focused security group.