Pierluigi Paganini
July 13, 2023
Apple has re-released its Rapid Security Response updates to address the CVE-2023-37450 flaw in iOS and macOS after fixing browsing issues on certain websites caused by the first RSR issued by the company.
On July 10, Apple released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address the zero-day flaw that has been actively exploited in the wild.
Tricking the victim into processing specially crafted web content may lead to arbitrary code execution.
The flaw resides in the WebKit and Apple addressed it by improving checks.
“Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the advisory published by Apple.
The vulnerability CVE-2023-37450 was reported to the company by an anonymous researcher.
The IT giant did not reveal details about the attacks in the wild exploiting this issue or the nature of the threat actors.
Apple initially addressed the issue with the release of iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2. However, the company pulled iOS 16.5.1 and macOS 13.4.1 Rapid Security Response Updates due to a Safari bug.
Shortly after the installation of the patch, users started complaining that they were getting errors when visiting some websites, including Facebook, Instagram, and Zoom.
Apple admitted the problems and provided instructions for removing the updates from the devices.
On June 12, Apple re-released the updates, macOS Ventura 13.4.1 (c), iOS 16.5.1 (c) and iPadOS 16.5.1 (c).
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Rapid Security Response)
