UPDATE (10:37 a.m. July 12): On July 11, a day after releasing a Rapid Security Response update to address vulnerabilities, Apple acknowledged that it was aware of an issue with security releases that might prevent some websites from displaying properly. A second update to fix the issue will be "available soon," the company said in a post.
Apple released a Rapid Security Response update on Monday addressing a vulnerability in its latest versions of iOS, iPadOS and macOS software to address a zero-day bug believed to have been exploited in the wild.
The vulnerability, CVE-2023-37450, affects the browser WebKit module running on iPhone and iPads running iOS 16.5.1 and computer macOS Ventura 13.4.1 (a) software. The bug can be abused by adversaries to trigger an arbitrary code execution when processing web content, according to the support documents from Apple.
An anonymous researcher reported the vulnerability.
The Rapid Security Response are Apple’s new type of software release for iPhone, iPad and Macs to “deliver important security improvements between software updates … They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist ‘in the wild.’”
Apple devices automatically apply the RSRs by default and will prompt the user to restart their device, if needed.
The security updates are the latest to address zero-day vulnerabilities in Apple products, many of which were to address so-called “zero-click” vulnerabilities or spyware, such as kernel vulnerabilities that were patched in June, while several vulnerabilities were also fixed in April and May.
