Apple on Monday rolled out an urgent software update to its iOS and iPadOS mobile operating systems and warned that zero-day exploitation has already been detected.
For the second time since adopting the “rapid security responses” process to address zero-day attacks, Apple pushed iOS 16.5.1 (a) and iPadOS 16.5.1 (a) to devices globally after an anonymous researcher disclosed the underlying vulnerability.
A barebones advisory from Cupertino said the security defect exists in WebKit, the browser engine used by Safari, Mail, App Store and many other apps on iOS- and macOS-powered devices.
“Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” the company said. “The issue was addressed with improved checks.”
The vulnerability has been tagged as CVE-2023-37450.
So far in 2023, there have been 41 publicly documented cases of zero-day attacks, with more than one-fifth (22 percent) affecting software code on Apple devices.
July 11 Update: Apple released Rapid Response Updates for both iOS and macOS, but was forced to pull them after users reported that the patches were breaking some websites.

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
