Looks like there's a new WebKit zero-day under active exploitation targeting iOS, iPadOS, and macOS. Apple rolled out a Rapid Security Response patch today.

CVE: https://support.apple.com/en-us/HT213823

I also wrote about these real-time rapid security updates last year, in case you want a backgrounder: https://techcrunch.com/2022/06/07/apple-introduces-real-time-security-updates-for-ios-and-macos/

About the security content of Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1

This document describes the content of Rapid Security Responses.

Apple Support

Ars is reporting that Apple pulled the Rapid Security Response patch after it apparently caused issues loading some websites. For what it's worth, I experienced some of the website issues after installing the patch, but can't confirm if related. Still installed and no lingering issues, but doesn't exactly inspire confidence.

https://arstechnica.com/security/2023/07/apple-releases-quickly-pulls-rapid-security-response-update-for-0-day-webkit-bug/

Apple releases, quickly pulls Rapid Security Response update for 0-day WebKit bug

Update for iOS 16, macOS Ventura can be uninstalled if you're having problems.

Ars Technica
@zackwhittaker oof. I’m still deciding on uninstalling it.
@zackwhittaker Rapid Security Responses are supposed to inspire caution, not confidence. OTOH, the caution is not intended to be for the patch itself.
@zackwhittaker I don’t understand why they pulled a fix for a zero-day exploit just because Facebook, Instagram and Zoom didn’t like it. I’d like the option to have that exploit patched, as I never use Safari to browse to those sites. And an RSR can easily be removed, unlike an OS update.

@zackwhittaker If I understand correctly, it’s the websites that are technically incorrect in expecting a certain format from the user agent string. It’s not that your updated device is behaving incorrectly, it’s just that websites are expecting a different answer than they’re getting and are failing to cope.

But I haven’t expected those sites to inspire confidence in me since… ever, so I’m good.

Root Cause Analysis - CVE-2023-32439 Type Confusion in Webkit

Sunjoo Park @grigoritchy

PKSecurity
@xeb that blog post refers to last month's RSR update, not this one!
@zackwhittaker can’t load Facebook sounds like it worked then 😉
@zackwhittaker - "affected sites include Facebook, Instagram, WhatsApp..." It probably saw them as malware, and that's fairly accurate.
@zackwhittaker had massive keyboard lag in the Teams app after installing the RSR update and rebooting. A second reboot seems to have cleared everything up, so that may be coincidental but it was nothing I'd ever experienced before. Keyboard taps would register but not produce letters, every other key might land, total loss of keyboard input for seconds at a time. #weird
@zackwhittaker @wendynather Leaving it installed because I’m betting that the problem websites were trying the exploit…
@zackwhittaker And in the process they broke Facebook, Disney+, and god knows what else..
@mikeydsg @zackwhittaker did they pull the update? It’s not currently available for either of my iOS devices
Apple Pulls iOS 16.5.1 and macOS 13.4.1 Rapid Security Response Updates Due to Safari Bug

Apple earlier today released new Rapid Security Response updates for iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1 users, but Apple has pulled...

MacRumors
@zackwhittaker Thanks for the heads up!
Yes I installed all three as soon as I read about it
@zackwhittaker It installed in less than a minute on my MacBook, plus a reboot.
@karlauerbach about the same here. not a bad turnaround!

@zackwhittaker

THANK YOU! Oddly, my macOS didn't demand that I update. I had to go looking.

@zackwhittaker it keeps disappearing when I attempt to install it.
@zackwhittaker ..and they pulled it due to a problem it caused wrt Safari. This is the reason rapid responses may be TOO rapid.