Pierluigi Paganini
July 11, 2023
Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw, tracked as CVE-2023-37450, that has been actively exploited in the wild.
Tricking the victim into processing specially crafted web content may lead to arbitrary code execution.
The flaw resides in the WebKit and Apple addressed it by improving checks.
“Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the advisory published by Apple.
The vulnerability CVE-2023-37450 was reported to the company by an anonymous researcher.
The IT giant did not reveal details about the attacks in the wild exploiting this issue or the nature of the threat actors.
Apple initially addressed the issue with the release of iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2. However the company pulled iOS 16.5.1 and macOS 13.4.1 Rapid Security Response Updates due to safari bug.
“Apple earlier today released new Rapid Security Response updates for iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1 users, but Apple has pulled the software, likely due to an issue that caused certain websites not to work after the RSRs were installed.” states the website MacRumors.
“According to reports on the MacRumors forums, Facebook, Instagram, WhatsApp, Zoom, and other websites started giving a warning about not being supported on the Safari browser following the Rapid Security Response updates.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Rapid Security Response)
