Apple Rectifies and Re-Releases Security Update Following WebKit Zero-Day Vulnerability

July 12, 2023

Apple has addressed and re-released critical security updates that tackle a WebKit zero-day vulnerability that was being taken advantage of in cyber attacks. The company had to pull back the initial patches on Monday due to difficulties with web browsing on some websites. Apple stated on Tuesday, "Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly." The company indicated that it would soon distribute fixed versions of the faulty updates and encouraged customers to uninstall them if they were experiencing issues while browsing the internet after the update.

Apple did not disclose why some websites were hindered from rendering correctly after installing the iOS 16.5.1 (a), iPadOS 16.5.1 (a), and macOS 13.4.1 (a) updates. It is likely that this occurred because the new Safari user agent, which contains an "(a)" string, prevented websites from recognizing it as a valid version of Safari, leading to "browser not supported" error messages.
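The likely failure mode described above, shown as an added example (not code from Apple or from any affected website): a site-side version check that expects nothing between the `Version/` and `Safari/` tokens rejects a user agent carrying "(a)", while a tolerant parser treats the marker as optional. The user-agent strings, the placement of "(a)", and all function names are assumptions constructed for illustration.

```javascript
// Constructed sample user agents (not captured from real devices). The
// position of the "(a)" marker after the Version token is an assumption.
const UA_PLAIN =
  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 " +
  "(KHTML, like Gecko) Version/16.5.1 Safari/605.1.15";
const UA_RSR =
  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 " +
  "(KHTML, like Gecko) Version/16.5.1 (a) Safari/605.1.15";

// Brittle check (hypothetical): requires "Version/<digits> Safari/<digits>"
// at the end of the string with nothing in between the two tokens.
function strictSafariVersion(ua) {
  const m = /Version\/(\d+(?:\.\d+)*) Safari\/[\d.]+$/.exec(ua);
  return m ? m[1] : null;
}

// Tolerant check (hypothetical): confirms a Safari token is present, excludes
// Chromium-family agents that also carry it, then reads the numeric version
// and captures an optional single-letter parenthesised suffix.
function tolerantSafariVersion(ua) {
  if (!/\bSafari\/[\d.]+/.test(ua)) return null;
  if (/\b(?:Chrome|Chromium|Edg)\//.test(ua)) return null;
  const m = /\bVersion\/(\d+(?:\.\d+)*)(?:\s*\(([a-z])\))?/.exec(ua);
  return m ? { version: m[1], suffix: m[2] || null } : null;
}

// What a visitor would see from a site gating on the given parser.
function gate(ua, parse) {
  return parse(ua) ? "supported" : "browser not supported";
}

console.log("strict,   plain UA:", gate(UA_PLAIN, strictSafariVersion));
console.log("strict,   RSR UA:  ", gate(UA_RSR, strictSafariVersion));
console.log("tolerant, RSR UA:  ", gate(UA_RSR, tolerantSafariVersion));
```

Sites that gate on exact user-agent shapes turn a security patch into a usability regression, which gives users a reason to uninstall the fix.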

Currently, Apple is rolling out iOS 16.5.1 (c), iPadOS 16.5.1 (c), and macOS 13.4.1 (c) Rapid Security Response (RSR) updates that rectify the web browsing issues. Apple uses RSR patches to address security issues that affect iPhone, iPad, and Mac devices between major OS releases, including vulnerabilities that are actively exploited in attacks.

The zero-day vulnerability (CVE-2023-37450) that was patched today affects the WebKit browser engine. It enables attackers to execute arbitrary code by deceiving targets into opening web pages that have been maliciously crafted. "This Rapid Security Response provides important security fixes and is recommended for all users," Apple cautions customers on devices where these emergency patches are delivered.

"Apple is aware of a report that this issue may have been actively exploited," the company states in iOS and macOS security advisories describing the CVE-2023-37450 flaw that was patched in today's re-released emergency security updates. Since the beginning of 2023, the company has addressed a total of ten zero-day flaws that were exploited in the wild to hack iPhones, Macs, or iPads.
