Apple has issued urgent security updates, known as Rapid Security Response updates, for iOS, iPadOS, macOS, and the Safari web browser. The updates aim to mitigate a zero-day vulnerability that Apple confirms has been actively exploited by threat actors.
The zero-day flaw, tracked as CVE-2023-37450, is in WebKit and could allow malicious actors to execute arbitrary code by manipulating specific web content. Apple has addressed the issue by implementing enhanced checks in the affected systems.
The anonymous researcher who discovered and reported the vulnerability has been credited. As is often the case with such incidents, limited details are available regarding the nature and scale of the attacks or the identity of the threat actor responsible.
Apple issued a short warning in which it acknowledged being “aware of a report that this issue may have been actively exploited.”
The software updates—iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2—are now available for devices running the following operating system versions:
- iOS 16.5.1 and iPadOS 16.5.1
- macOS Ventura 13.4.1
- macOS Big Sur and macOS Monterey
Apple’s latest security patch comes after the company has already addressed 10 zero-day vulnerabilities in its software since the beginning of 2023. Notably, this release follows recent patches intended to fix three zero-days, two of which were exploited by unidentified threat actors as part of an espionage campaign known as Operation Triangulation.
Apple has since withdrawn the software update, after reports surfaced that installing the patches caused certain websites, such as Facebook, Instagram, and Zoom, to display an “Unsupported Browser” error in Safari.