Apple has fixed and re-released emergency security updates addressing a WebKit Zero Day Vulnerability Exploited in Attacks. The initial patches had to be pulled on Monday due to browsing issues on some websites.

“Apple is aware of an issue where recent security rapid responses could prevent certain websites from displaying correctly,” Apple said Tuesday.

The company added that it will release fixed versions of the buggy updates soon and advised customers to remove them if they encounter any issues while browsing the web after the update.

Although Apple did not explain why some websites were prevented from displaying correctly after installing updates to iOS 16.5.1 (a), iPadOS 16.5.1 (a) and macOS 13.4.1 ( a), this probably happened because the New Safari User Agent containing a string “(a)” was preventing websites from detecting it as a valid version of Safari, causing it to display messages “Browser not supported” error.

Today, Apple began rolling out iOS 16.5.1(c), iPadOS 16.5.1(c), and macOS 13.4.1(c) Security Response updates that address web browsing issues.

Apple uses RSR patches to address security issues affecting iPhone, iPad, and Mac devices and to quickly fix vulnerabilities actively exploited in attacks between major operating system versions.

Fixed macOS Security Response update
Fixed macOS Security Response update (BleepingComputer)

The zero-day flaw (CVE-2023-37450) patched today affects the WebKit browser engine and allows attackers to achieve arbitrary code execution by tricking targets into opening maliciously crafted web pages.

“This Security Rapid Response provides important security fixes and is recommended for all users,” Apple advises customers on devices where these emergency fixes are provided.

“Apple is aware of a report that this issue may have been actively exploited,” the company says in iOS And macOS Security advisory describing the CVE-2023-37450 flaw fixed in emergency security updates re-released today.

Since the beginning of 2023, the company has patched a total of ten zero-day flaws exploited in the wild to hack iPhones, Macs or iPads:


Source link