Apple has recently issued Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser in order to fix a zero-day vulnerability that has been actively exploited in real-world situations.
The identified bug in WebKit, tracked as CVE-2023-37450, could potentially allow malicious actors to execute arbitrary code by manipulating specially crafted web content. Apple has taken measures to address this issue by implementing enhanced checks.
The credit for discovering and reporting this flaw goes to an anonymous researcher. As is often the case in such instances, detailed information regarding the nature and extent of the attacks, as well as the identity of the threat actor, remains limited.
However, Apple has acknowledged in a brief advisory that it is "aware of a report that this issue may have been actively exploited."
The updates, namely iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2, are now available for devices operating on the following versions of the respective operating systems:
iOS 16.5.1 and iPadOS 16.5.1
macOS Ventura 13.4.1
macOS Big Sur and macOS Monterey
This release follows Apple's response to ten zero-day vulnerabilities in its software since the beginning of 2023. Furthermore, it comes shortly after the company issued patches to address three zero-day vulnerabilities, two of which were exploited by unidentified actors as part of an espionage campaign referred to as Operation Triangulation.
Update: Apple has withdrawn the software update subsequent to reports indicating that installing the patches caused certain websites, including Facebook, Instagram, and Zoom, to display an "Unsupported Browser" error on Safari.
In a support document released on July 11, 2023, Cupertino acknowledged that it is "aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly." They advised customers who encounter difficulties to remove the update. iOS 16.5.1 (b), iPadOS 16.5.1 (b), and macOS 13.4.1 (b) are expected to be released soon to resolve the problem.