The Hacker NewsTHN:D4DA0903BD2C49B195C24788F1EF22D9Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari
Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild.
The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker said it addressed the issue with improved checks.
Credited with discovering and reporting the flaw is an anonymous researcher. As with most cases like this, there are scant details about the nature and the scale of the attacks and the identity of the threat actor behind them.
But Apple noted in a terse advisory that itβs βaware of a report that this issue may have been actively exploited.β
UPCOMING WEBINAR
[Shield Against Insider Threats: Master SaaS Security Posture Management
](<https://thn.news/I26t1VFD>)
Worried about insider threats? Weβve got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.
The updates, iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2, are available for devices running the following operating system versions:
Apple has addressed 10 zero-day vulnerabilities in its software since the start of 2023. It also arrives weeks after the company rolled out patches to fix three zero-days, two of which have been weaponized by unidentified actors in connection with an espionage campaign called Operation Triangulation.
Update (11 July, 2023)
Apple has pulled the software update after reports emerged that installing the patches caused certain websites like Facebook, Instagram, and Zoom to throw an βUnsupported Browserβ error on Safari.
In a support document released on July 11, 2023, Cupertino said itβs βaware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly,β advising customers experiencing problems to remove the update. iOS 16.5.1 (b), iPadOS 16.5.1 (b), and macOS 13.4.1 (b) are expected to be released βsoonβ to remediate the problem.
Apple Reissues Zero-day Fixes (12 July, 2023)
Apple on Wednesday re-released updated Rapid Security Response (RSR) fixes for iOS, iPadOS, and macOS users, days after it pulled them after they were found to cause issues with Safari due to the way the updates were named. The updates are as follows -
- iOS 16.5.1 Β© and iPadOS 16.5.1 Β© - iOS 16.5.1 and iPadOS 16.5.1
- macOS Ventura 13.4.1 Β© - macOS Ventura 13.4.1
Found this article interesting? Follow us on Twitter ο and LinkedIn to read more exclusive content we post.
Related
