
Apple pushes emergency patch to fix exploited zero-day in iOS and macOS


UPDATE (10:37 a.m. July 12): On July 11, a day after releasing a Rapid Security Response update to address vulnerabilities, Apple acknowledged that it was aware of an issue with security releases that might prevent some websites from displaying properly. A second update to fix the issue will be "available soon," the company said in a post.

Apple released a Rapid Security Response update on Monday for its latest versions of iOS, iPadOS and macOS software to address a zero-day bug believed to have been exploited in the wild.

The vulnerability, CVE-2023-37450, affects the WebKit browser module on iPhones and iPads running iOS 16.5.1 and on computers running macOS Ventura 13.4.1 (a) software. The bug can be abused by adversaries to trigger arbitrary code execution when processing web content, according to the support documents from Apple.

An anonymous researcher reported the vulnerability.

Rapid Security Responses are Apple’s new type of software release for iPhones, iPads and Macs to “deliver important security improvements between software updates … They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist ‘in the wild.’”

Apple devices automatically apply the RSRs by default and will prompt the user to restart their device, if needed. 

The security updates are the latest to address zero-day vulnerabilities in Apple products. Many of those updates addressed so-called “zero-click” vulnerabilities or spyware, such as the kernel vulnerabilities that were patched in June, and several vulnerabilities were also fixed in April and May.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.