Apple releases emergency update to fix zero-day exploited in attacks

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

"Apple is aware of a report that this issue may have been actively exploited," the company says in iOS and macOS advisories when describing the CVE-2023-37450 vulnerability reported by an anonymous security researcher.

"This Rapid Security Response provides important security fixes and is recommended for all users," Apple warns on systems where the RSR patches are being delivered.

RSR patches have been introduced as compact updates designed to address security concerns on the iPhone, iPad, and Mac platforms, and they serve the purpose of resolving security issues that arise between major software updates, according to this support document.

Furthermore, some out-of-band security updates may also be employed to counter security vulnerabilities actively exploited in attacks.

If you turn off automatic updates or don't install Rapid Security Responses when offered, your device will be patched as part of future software upgrades.

List of emergency patches includes:

• macOS Ventura 13.4.1 (a)
• iOS 16.5.1 (a)
• iPadOS 16.5.1 (a)
• Safari 16.5.2

The flaw has been found in the WebKit browser engine developed by Apple, and it allows attackers to gain arbitrary code execution on targeted devices by tricking the targets into opening web pages containing maliciously crafted content.

The company addressed this security weakness with improved checks to mitigate exploitation attempts.



macOS 13.4.1 (a) RSR patch (BleepingComputer)