Following the release of iOS 16.5.1, iPadOS 16.5.1, and macOS 13.4.1 in June, Apple has now pushed an (a) update for each under its Rapid Security Response system. There are no new features, and the update apparently contains only one fix. However, Apple appears to have pulled the update just hours after it was released to the general public.
Apple’s security page describes the flaw:
WebKit
- Available for: iOS 16.5.1 and iPadOS 16.5.1 and macOS Ventura
- Impact: Processing web content may result in the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited.
- Description: The issue has been resolved through improved checks.
- CVE-2023-37450: an anonymous researcher
In other words, bad actors can craft web content that runs code of their choosing on your iPhone, iPad, or Mac. And this flaw seems to have already been used in the wild, hence the urgent need for the patch.
According to Twitter user Aaron, who follows Apple’s software updates closely, Apple temporarily pulled the update after users reported that it “broke some apps such as Facebook, Instagram, Zoom just to name a few”. We checked an iPhone that hadn’t installed the update yet and it no longer showed up in the Software Update tab.
Apple rolled out its first Rapid Security Response update in May for iOS 16.4, iPadOS 16.4 and macOS 13.3, though it didn’t disclose the contents until weeks later. It is therefore possible that this update contains other fixes that Apple has not yet announced.
To update your device when it reappears, go to the Settings app on your iPhone or iPad, tap General, then Software Update, and then Download and Install. On your Mac, go to System Settings, then select General and Software Update.