Apple releases urgent zero-day patches for iOS, iPadOS and macOS, users note

Apple has just rushed to release a series of Rapid Security Response (RSR) updates to address a new zero-day vulnerability that is being actively exploited. The bug affects a range of its flagship hardware products, including iPhones, Macs, and iPads, directly threatening the security and integrity of these devices.

The vulnerability, with identifier CVE-2023-37450, was first reported by an unidentified freelance security researcher. The vulnerability resides in WebKit, an open-source application framework that provides the necessary components to build a web browser, which is used by Apple, Mozilla, and Google in iOS. It can be exploited by tricking users into visiting specially designed malicious content websites. This behavior could allow attackers to execute arbitrary code on targeted devices, thereby directly impacting user privacy and security.

Apple emphasizes that the new RSR patch is only available for the latest versions of iOS, iPadOS, and macOS, starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3. To secure data and protect against malicious attacks, users should apply RSR patches immediately.

RSR patches were introduced as compact updates, intended to address security issues between major software updates on the operating system. Along with that are important security fixes to help users promptly address emerging threats.

In some cases, Apple may provide superior security updates to address vulnerabilities that are actively being exploited by hackers.

To activate, on your iPhone or iPad, go to Settings > General > Software Update > Automatic Updates, then make sure the "Security Feedback & System Files" option is turned on. On Mac: Choose Apple menu > System Settings. Click System Settings in the sidebar, then click Software Update on the right. Click the Show Details button next to Automatic Updates, then make sure "Install Security Responses and System Files" is turned on.

Jessica Tanner

Update 24 July 2023