Advisory

Apple issues (second) emergency fix for vulnerabilities exploited by hackers

Take action: No easy way to say this. When you get a notification on your Apple device that an update is available, please update it. And don't browse on weird sites in the meantime.


Apple has released a set of Rapid Security Response (RSR) updates to address a new zero-day vulnerability that has been exploited in attacks, affecting fully-patched iPhones, Macs, and iPads.

The vulnerability resides in the WebKit browser engine developed by Apple, allowing attackers to execute arbitrary code on targeted devices by luring users into visiting web pages containing malicious content.

The vulnerability is tracked as CVE-2023-37450. It was reported by an anonymous security researcher and may have been actively exploited.

The emergency patches released by Apple are marked as: 

  • macOS Ventura 13.4.1 (c)
  • iOS 16.5.1 (c)
  • iPadOS 16.5.1 (c)

These updates are quick to install, taking only a few minutes to download and requiring a restart for the installation process.

Apple had initially introduced the RSR updates earlier in the week, carrying the (a) suffix, but they caused Safari compatibility issues due to the way they were named. After the software was installed, certain websites such as Facebook, Instagram, WhatsApp, and Zoom displayed a warning that they were not supported on the Safari browser.

In response, Apple temporarily removed the RSR updates while working on a fix and provided instructions to users on how to remove the updates if they were already installed. The new (c) RSR updates have resolved the Safari compatibility issue and will not cause the same problem.