Emergency Update Patches 10th Zero-Day Flaw this Year in iOS and macOS

Apple is rolling out emergency security updates to its user base addressing a newly discovered flaw in the WebKit engine shared by iOS and macOS devices.

iOS 16.5.1 (a) and macOS Ventura 13.4.1 (a) are being rolled out to address a security flaw tracked as CVE-2023-37450.

The vulnerability, found in the WebKit web rendering engine shared by apps that can display web content, is said to be actively exploited - hence the need to issue a rapid standalone patch to fix the flaw on vulnerable devices.

“Apple is aware of a report that this issue may have been actively exploited,” says the Cupertino-based tech giant.

According to advisories published by the company yesterday, “processing web content may lead to arbitrary code execution.” In other words, an attacker can simply send victims a malicious link and gain enough privileges on the target device to run their own code - including malware.

The flaw is also addressed on older versions of macOS (Big Sur and Monterey) by means of a Safari update. Users who are running either of these macOS iterations can patch against this flaw by simply updating their Safari browser to version 16.5.2.

These types of flaws are commonly exploited by mercenary spyware vendors. They are also a key reason why Apple started issuing Rapid Security Response (RSR) patches this year, starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1.

RSR updates are designed to deliver important security improvements between major software updates. They are applied automatically for users who have automatic updates enabled, and sometimes don’t even require a reboot, ensuring a seamless and painless patching experience as quickly as possible.

With this release, Apple has patched the 10th zero-day flaw discovered in its products this year. Threat actors are increasingly targeting iOS and macOS in recent years, making it important not just to install the latest security fixes as they become available, but also to run a dedicated security solution.