On May 2, Apple released its first Rapid Security Response update for iOS 16.4, iPadOS 16.4, and macOS 13.3. Apparently Apple was in such a rush to release the update (hence the “Rapid”) that it didn’t want to wait for iOS 16.5 and macOS 13.4, which landed two weeks later. At the time, it didn’t disclose what was fixed, but now we know.
The security notes for the iOS 16.5, iPadOS 16.5, and macOS Ventura 13.4 updates released on Thursday include patch details for the Rapid Security Response update. You can read the full security notes online, but we’ve excerpted the Rapid Security Response-specific fixes below. All three operating systems have received the same fixes, which are now also available for macOS Monterey and Big Sur, as well as iOS 15.
WebKit
- Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds read has been resolved with better input validation.
- WebKit Bugzilla: 254930
- CVE-2023-28204: an anonymous researcher
WebKit
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Impact: Processing maliciously crafted web content may lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited.
- Description: A use-after-free issue was addressed with better memory management.
- WebKit Bugzilla: 254840
- CVE-2023-32373: an anonymous researcher
What is Rapid Security Response?
Apple demonstrated Rapid Security Responses at WWDC last year, but the first use of the feature didn’t happen until earlier this month. Apple uses the feature when it needs to release urgent updates to protect the security of iPhones, iPads, and Macs, and these updates do not include items found in typical OS updates, such as new features or bug fixes.
A device must be running the latest version of its operating system for Rapid Security Responses to work. Automatic installation is enabled by default, and Rapid Security Response updates are identified by a letter at the end of the version number. For example, the first iOS update is iOS 16.4.1 (a).
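The letter suffix matters when comparing versions in a device inventory: a device on 16.4.1 (a) has the WebKit fixes listed above, while one on plain 16.4.1 does not. The following is an added example, not code from Apple or from this article; the device names and sample versions are constructed, and it assumes versions are reported as strings in the form shown above.

```python
import re

# "16.4.1" is a plain release; "16.4.1 (a)" is the same release with a
# Rapid Security Response applied, identified by the trailing letter.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:\(([a-z])\))?\s*$")

FIRST_FIXED = "16.4.1 (a)"  # first iOS version this article names as carrying the fixes


def parse_version(text):
    """Return (major, minor, patch, rsr_letter); rsr_letter is '' when absent."""
    match = VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, letter = match.groups()
    return int(major), int(minor), int(patch or 0), letter or ""


def classify(text, first_fixed=FIRST_FIXED):
    """Classify one reported iOS version against the first fixed version."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unparsed"
    baseline = parse_version(first_fixed)
    if version[0] < baseline[0]:
        # Older major lines (e.g. iOS 15) got separate updates whose version
        # numbers are not given in the article, so do not guess.
        return "check separately"
    # Tuple comparison puts '' before 'a': 16.4.1 < 16.4.1 (a) < 16.5.
    return "patched" if version >= baseline else "needs update"


def audit(inventory):
    """Map each device name to its classification."""
    return {name: classify(version) for name, version in inventory.items()}


# Constructed sample inventory (device names and versions are made up).
SAMPLE_INVENTORY = {
    "iphone-01": "16.4.1", "iphone-02": "16.4.1 (a)", "ipad-03": "16.5",
    "iphone-04": "15.7.5", "ipad-05": "16.4", "iphone-06": "n/a",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {SAMPLE_INVENTORY[name]} -> {status}")
```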
To enable/disable Rapid Security Responses:
- iPhone/iPad: Go to Settings > General > Software Update > Automatic Updates. Toggle the switch for “Security Responses & System Files”.
- Mac: In System Settings, click General in the sidebar. In the main window, click Software Update. Click the “i” icon next to Automatic Updates, then toggle the switch for “Install Security Responses and system files”.