UPDATE: Apple Pulls Rapid Security Response Updates for WebKit Vulnerability
On Monday, July 10, Apple released Rapid Security Response updates to address an arbitrary code execution vulnerability in the browser WebKit module in iOS, iPadOS, and macOS Ventura. The flaw is being actively exploited. On Tuesday, Apple pulled the update after it became "aware of an issue where this Rapid Security Response might prevent some websites from displaying properly. Rapid Security Response macOS 13.4.1 (b) will be available soon to address this issue."
Applying these patches should be a no-brainer. They fix currently exploited vulnerabilities, and Apple's "Rapid Security Response Updates" are specifically designed to be easy to apply. Should take less than five minutes per device. It does require a reboot, but the reboot is just a "regular" quick reboot and not the more lengthy reboot used by the larger operating system updates.
Apple released updates for iOS/iPadOS 16.5.1, macOS 13.4.1 and Safari 16.5.2 to address CVE-2023-37450 which are actively being exploited. Apple will be releasing new versions of the updates to iOS/iPadOS 16.5.1 and macOS Ventura as the update causes some web sites to to not display properly. If you're having issues, the rapid update can be removed through the settings app on macOS/iOS/iPadOS, and using the about the OS menu, remove the update. A restart is required.
I always recommend people keep automatic updates running, but I also find it inconsistent or delayed sometimes. If you are reading this and are security conscious, force the upgrade as it may not have already occurred.
Apple introduced Rapid Security Response updates in May of this year to address critical vulnerabilities. This is the second time they’ve used this update process. The updates are compact and quick to install. Given reports that the vulnerability is actively being exploited, download and install today.
“The flaw is being actively exploited” = Patch now !!
Read more in
Bleeping Computer: Apple releases emergency update to fix zero-day exploited in attacks