Rapid security response patches for various Apple platforms

Topic

New Reply

Apple pushed updates for a new zero-day that may have been actively exploited.

CVE-2023-37450 (WebKit):
– Rapid Security Response – iOS and iPadOS 16.5.1 (a)
– Rapid Security Response – macOS Ventura 13.4.1 (a)

Susan Bradley Patch Lady/Prudent patcher

3 users thanked author for this post.

J9438, AlphaCharlie, RetiredGeek

Reply | Quote

Replies

AKB2000014 has been with links to security content and information.

UPDATE NOTE: RSR pulled due to Safari bug. Info at MacRumors, MacWorld, and AppleInsider.

Reply | Quote

Safari 16.5.2
https://support.apple.com/kb/HT213826

Reply | Quote

Apple Pulls iOS 16.5.1 and macOS 13.4.1 Rapid Security Response Updates Due to Safari Bug

Apple earlier today released new Rapid Security Response updates for iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1 users, but Apple has pulled the software, likely due to an issue that caused certain websites not to work after the RSRs were installed.

According to reports on the MacRumors forums, Facebook, Instagram, WhatsApp, Zoom, and other websites started giving a warning about not being supported on the Safari browser following the Rapid Security Response updates.

The iOS 16.5.1, iPadOS 16.5.1, and ‌macOS Ventura‌ 13.4.1 Rapid Security Response updates fixed a WebKit vulnerability that Apple says may have been actively exploited. Unfortunately, it appears that the updates changed the Safari user agent to include an (a), leading some websites to break.

Apple will likely re-release the RSRs when the issue has been addressed…

Those who have already installed the update can downgrade on iOS by going to Settings > General > About and tapping on iOS Version. From there tap on Remove Security Update. On the Mac, updates can be removed by following our how to.

* Looking at the list of apps failing after the update I would say all took advantage of the WebKit vulnerability /s

* What is more important, fixing an active security vulnerability or being blocked from using Facebook, Instagram, WhatsApp, Zoom / switching to another browser.

2 users thanked author for this post.

J9438, WCHS

Reply | Quote

Facebook, obvs.

Why don’t Apple test updates before thrusting them on the world? /s

Reply | Quote

It’s trying to copy/emulate Microsoft?
/s

Reply | Quote

Happens often.

10 new features Apple borrowed, copied, and stole from Google, Samsung, Microsoft, and Fitbit

Apple finally admits Microsoft was right about tablets

Reply | Quote

b wrote:

Why don’t Apple test updates before thrusting them on the world? /s

I so hoped it was deliberate.

Reply | Quote

Apple is aware of an issue where this Rapid Security Response might prevent some websites from displaying properly. Rapid Security Response iOS 16.5.1 (b) and iPadOS 16.5.1 (b) will be available soon to address this issue.

You can choose to remove Rapid Security Response (a): In Settings > About > iOS Version, tap “Remove Security Response.” Then tap Remove to confirm.

Reply | Quote

If I choose to keep the rapid security response patch on my phone, I don’t use facebook or their apps, any ideas if I’m gonna run into a problem later if Apple rereleases the patch?

Reply | Quote

No.
The problem is with any site checking Safari agent.
If you don’t use Safari you have nothing to worry.
Patch (b) will override patch (a).

Reply | Quote

Rapid Security Response 16.5.1 (c) was released today …

iOS 16.5.1 (c) and iPadOS 16.5.1 (c)

Released July 12, 2023

Rapid Security Responses iOS 16.5.1 (c) and iPadOS 16.5.1 (c) include the security content of Rapid Security Responses iOS 16.5.1 (a) and iPadOS 16.5.1 (a) and fix an issue that prevents some websites from displaying properly.

Apple Security Releases

2 users thanked author for this post.

hyppolyte, Alex5723

Reply | Quote

AKB2000014 has been updated for the re-release of the RSRs on 7/12/23.

Reply | Quote