Zack WhittakerJul 10, 2023

Looks like there's a new WebKit zero-day under active exploitation targeting iOS, iPadOS, and macOS. Apple rolled out a Rapid Security Response patch today.

CVE: https://support.apple.com/en-us/HT213823

I also wrote about these real-time rapid security updates last year, in case you want a backgrounder: https://techcrunch.com/2022/06/07/apple-introduces-real-time-security-updates-for-ios-and-macos/

About the security content of Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1

This document describes the content of Rapid Security Responses.

Apple Support
Show threadZack WhittakerJul 11, 2023

Ars is reporting that Apple pulled the Rapid Security Response patch after apparently causing issues loading some websites. For what it's worth, I experienced some of the website issues after installing the patch, but can't confirm if related. Still installed and no lingering issues, but doesn't exactly inspire confidence.

https://arstechnica.com/security/2023/07/apple-releases-quickly-pulls-rapid-security-response-update-for-0-day-webkit-bug/

Apple releases, quickly pulls Rapid Security Response update for 0-day WebKit bug

Update for iOS 16, macOS Ventura can be uninstalled if you're having problems.

Ars Technica
Show threadScott
@zackwhittaker I don’t understand why they pulled a fix for a zero-day exploit just because Facebook, Instagram and Zoom didn’t like it. I’d like the option to have that exploit patched, as I never use Safari to browse to those sites. And an RSR can easily be removed, unlike an OS update.
Jul 11, 2023 at 3:39pmWeb