2023-07-11
UPDATE: Apple Pulls Rapid Security Response Updates for WebKit Vulnerability
On Monday, July 10, Apple released Rapid Security Response updates to address an arbitrary code execution vulnerability in the browser WebKit module in iOS, iPadOS, and macOS Ventura. The flaw is being actively exploited. On Tuesday, Apple pulled the update after it became "aware of an issue where this Rapid Security Response might prevent some websites from displaying properly. Rapid Security Response macOS 13.4.1 (b) will be available soon to address this issue."
Editor's Note
Applying these patches should be a no-brainer. They fix currently exploited vulnerabilities, and Apple's "Rapid Security Response Updates" are specifically designed to be easy to apply. Should take less than five minutes per device. It does require a reboot, but the reboot is just a "regular" quick reboot and not the more lengthy reboot used by the larger operating system updates.
Johannes Ullrich
Apple released updates for iOS/iPadOS 16.5.1, macOS 13.4.1 and Safari 16.5.2 to address CVE-2023-37450 which are actively being exploited. Apple will be releasing new versions of the updates to iOS/iPadOS 16.5.1 and macOS Ventura as the update causes some web sites to to not display properly. If you're having issues, the rapid update can be removed through the settings app on macOS/iOS/iPadOS, and using the about the OS menu, remove the update. A restart is required.
Lee Neely
I always recommend people keep automatic updates running, but I also find it inconsistent or delayed sometimes. If you are reading this and are security conscious, force the upgrade as it may not have already occurred.
Moses Frost
Apple introduced Rapid Security Response updates in May of this year to address critical vulnerabilities. This is the second time they’ve used this update process. The updates are compact and quick to install. Given reports that the vulnerability is actively being exploited, download and install today.
Curtis Dukes
“The flaw is being actively exploited” = Patch now !!
Brian Honan
Read more in
Apple: About the security content of Rapid Security Responses for macOS Ventura 13.4.1
Ars Technica: Apple releases, quickly pulls Rapid Security Response update for 0-day WebKit bug
SC Magazine: Apple pushes emergency patch to fix exploited zero-day in iOS and macOS
Bleeping Computer: Apple releases emergency update to fix zero-day exploited in attacks
Apple: Apple security updates and Rapid Security Responses
Apple: About the security content of Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1