Apple pushes new Rapid Security Response updates to patch zero-day exploits on iPhones and Macs
Following the release of iOS 16.5.1, iPadOS 16.5.1, and macOS 13.4.1 in June, Apple has now pushed an (a) update to each under its Rapid Security Response system. there are no new features and the update seemingly contains just a single patch. Apple’s security page describes the flaw:
WebKit
- Available for: iOS 16.5.1 and iPadOS 16.5.1 and macOS Ventura 13.4.1
- Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: The issue was addressed with improved checks.
- CVE-2023-37450: an anonymous researcher
In other words, there’s a way for bad actors to create web content that can make your iPhone, iPad, or Mac run whatever they want. And this flaw seems to have already been used in the wild, hence the emergency need for the patch.
Apple pushed its first Rapid Security Response update in May for iOS 16.4, iPadOS 16.4, and macOS 13.3, though it didn’t divulge the contents until a couple of weeks later. So it’s possible that this update contains other fixes that Apple isn’t declaring yet.
To update your device, go to the Settings app on your iPhone or iPad, tap General, then Software Update, and then Download and Install. On your Mac, head over to System Settings, then select General and Software Update.
