Zack WhittakerJul 10, 2023

Looks like there's a new WebKit zero-day under active exploitation targeting iOS, iPadOS, and macOS. Apple rolled out a Rapid Security Response patch today.

CVE: https://support.apple.com/en-us/HT213823

I also wrote about these real-time rapid security updates last year, in case you want a backgrounder: https://techcrunch.com/2022/06/07/apple-introduces-real-time-security-updates-for-ios-and-macos/

About the security content of Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1

This document describes the content of Rapid Security Responses.

Apple Support
Show threadZack WhittakerJul 11, 2023

Ars is reporting that Apple pulled the Rapid Security Response patch after apparently causing issues loading some websites. For what it's worth, I experienced some of the website issues after installing the patch, but can't confirm if related. Still installed and no lingering issues, but doesn't exactly inspire confidence.

https://arstechnica.com/security/2023/07/apple-releases-quickly-pulls-rapid-security-response-update-for-0-day-webkit-bug/

Apple releases, quickly pulls Rapid Security Response update for 0-day WebKit bug

Update for iOS 16, macOS Ventura can be uninstalled if you're having problems.

Ars Technica
Show threadpejacoby
@zackwhittaker had massive keyboard lag in the Teams app after installing the RSR update and rebooting. A second reboot seems to have cleared everything up, so that may be coincidental but it was nothing I'd ever experienced before. Keyboard taps would register but not produce letters, every other key might land, total loss of keyboard input for seconds at a time. #weird
Jul 12, 2023 at 1:47amWeb