Apple zero-day vulnerability has been identified that was actively exploited by the threat actors in the wild to break the browsing on some websites and for arbitrary code execution.
The zero-day vulnerability has been tracked as CVE-2023-37450, and this vulnerability was identified by an anonymous cybersecurity researcher.
As a prompt response, Apple recently published a Rapid Security Responses (RSR) advisory for iOS and macOS.
The new Rapid Security Response (RSR) program if Apple rolls out a second patch, fixing a critical zero-day flaw across various Apple products like:-
- iOS for iPhone
- iPadOS for iPad
- macOS Ventura for Mac
- Safari for macOS Big Sur and Monterey
Apple WebKit Zero-Day Flaws
Apple’s silence leaves the reason undisclosed, but Safari glitches emerged after user-agent detection failure for Zoom, Facebook, and Instagram, impacting website rendering.
Rapid Security Response updates swiftly deliver zero-day fixes for iPhones and Macs, prioritizing critical patches over regular OS updates for user protection.
RSR updates alter user agents on iOS devices, appending the “(a)” string to the new updates as follows:-
- iOS 16.5.1 (a)
- iPadOS 16.5.1 (a)
- macOS Ventura 13.4.1 (a)
Soon after Apple’s patch release for CVE-2023-37450, users encountered access errors on several websites post-installation, prompting complaints.
Apple acknowledges Rapid Security Responses impacting website display, so they will soon fix it with the upcoming updates:-
- iOS 16.5.1 (b)
- iPadOS 16.5.1 (b)
- macOS 13.4.1 (b)
Remove Buggy Security Update
While the users who have already installed the buggy security updates on their Apple devices and while browsing the web face any issues, make sure to remove the updates from your device.
To do so, you have to follow the simple steps that we have mentioned below:-
- Open the Settings app on your iPhone or iPad.
- Scroll down and tap on “About.”
- Look for the “iOS Version” option and tap on it.
- On the iOS Version page, locate and tap on “Remove Security Response.”
- A confirmation prompt will appear. Tap on “Remove” to confirm the action.
- That’s it; now you are done.
The below-mentioned steps are for Mac:-
- First of all, you have to click on the Apple logo or menu located in the top left corner of the screen.
- From the dropdown menu, select “About This Mac.”
- In the “About This Mac” window, click on “More Information.”
- Next to the macOS version number, you will see an Info (i) button. Click on it.
- A new window will appear with additional details about the macOS version.
- In the new window, look for the “Remove” option and click on it.
- A confirmation dialog box will appear. Click on “Remove” to confirm the action.
- Once the removal process is complete, now you will be prompted to restart your Mac.
- Click on “Restart” to restart your Mac.
- That’s it now, you are done.
Apple’s WebKit browser engine carries this zero-day flaw (CVE-2023-37450), enabling arbitrary code execution through targeted web pages with manipulated content.
In total, there are ten zero-day vulnerabilities that were fixed by Apple this year for its following product line:-
Zero-days Fixed this Year by Apple
Here below, we have mentioned all the Zero-days fixed this year by Apple this year:-
Apple’s flawed Rapid Security Responses risk user resistance if issues persist, damaging the intended purpose of swift patch deployment.