Apple on Monday released a Rapid Security Response (RSR) update to address a new zero-day vulnerability in the latest versions of iPhones, Macs, and iPads.
The vulnerability, tracked as CVE-2023-37450, was reported by an anonymous security researcher, and is being actively exploited in the wild.
“Apple is aware of a report that this issue may have been actively exploited,” the company says in iOS and macOS advisories when describing the CVE-2023-37450 vulnerability.
The recently discovered vulnerability resides in WebKit, which is the web browser engine developed by Apple and used by all the company’s products.
According to the advisories sent to iOS and macOS users, adversaries can exploit the bug to achieve arbitrary code execution when a vulnerable iPhone, iPad, or Mac processes maliciously crafted web content.
The fix was released on Monday as part of Apple’s Rapid Security Response program, which delivers important security improvements between software updates for iPhones, iPads, and Macs.
“Rapid Security Responses are a new type of software release for iPhone, iPad, and Mac,” according to Apple.
“They deliver important security improvements between software updates—for example, improvements to the Safari web browser, the WebKit framework stack, or other critical system libraries. They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist ‘in the wild.’”
Apple noted that new Rapid Security Responses are delivered only for the latest versions of iOS, iPadOS, and macOS, starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1.
By default, Rapid Security Responses are automatically applied to the device. If necessary, users will be prompted to restart their device.
To check your device settings:
- iPhone or iPad: Go to Settings > General > Software Update > Automatic Updates, then make sure that “Security Responses & System Files” is turned on.
- Mac: Choose Apple menu > System Settings. Click General in the sidebar, then click Software Update on the right. Click the Show Detail button next to Automatic Updates, then make sure that “Install Security Responses and system files” is turned on.
When a Rapid Security Response has been applied, a letter will appear after the software version number. The latest RSR patches include updates for macOS Ventura 13.4.1 (a), iOS 16.5.1 (a), iPadOS 16.5.1 (a), and Safari 16.5.2.
However, if a user turns off this setting or chooses not to apply Rapid Security Responses when they are available, their device will still receive the relevant fixes or mitigations with the next software update.
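For administrators who want to confirm this across a fleet, the version-suffix rule above can be checked mechanically. The following is an added example, not Apple's code: it parses version strings such as "13.4.1 (a)" from an inventory export and flags devices that are not confirmed as patched, using only the version numbers quoted in this article. The status labels, function names, and sample inventory are assumptions made for illustration.

```python
import re

# Versions quoted in the article: the first releases that accept Rapid Security
# Responses, and the releases the CVE-2023-37450 RSR is built for.
RSR_MINIMUM = {"iOS": (16, 4, 1), "iPadOS": (16, 4, 1), "macOS": (13, 3, 1)}
RSR_TARGET = {"iOS": (16, 5, 1), "iPadOS": (16, 5, 1), "macOS": (13, 4, 1)}

# "16.5.1 (a)" -> dotted base version plus optional RSR letter in parentheses.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){0,2})\s*(?:\(([a-z])\))?\s*$")


def parse_version(text):
    """Return ((major, minor, patch), rsr_letter_or_None)."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    parts += (0,) * (3 - len(parts))  # "16.5" compares as 16.5.0
    return parts, match.group(2)


def rsr_status(platform, version_text):
    """Classify one device; the status labels are hypothetical names."""
    base, letter = parse_version(version_text)
    if base < RSR_MINIMUM[platform]:
        return "no-rsr-support"   # older than the first RSR-capable release
    if base < RSR_TARGET[platform]:
        return "update-os-first"  # RSRs ship only for the latest version
    if base == RSR_TARGET[platform]:
        return "rsr-applied" if letter else "rsr-missing"
    # Assumption: a later full release carries the fix, per the article's note
    # that fixes arrive with the next software update.
    return "newer-release"


def needs_action(inventory):
    """Return (host, status) for devices not confirmed as patched."""
    results = [(h, rsr_status(p, v)) for h, p, v in inventory]
    return [(h, s) for h, s in results if s not in ("rsr-applied", "newer-release")]


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("mac-01", "macOS", "13.4.1 (a)"),
    ("mac-02", "macOS", "13.4.1"),
    ("phone-01", "iOS", "16.5.1 (a)"),
    ("phone-02", "iOS", "16.3"),
    ("pad-01", "iPadOS", "16.5"),
]
```

Running `needs_action(SAMPLE_INVENTORY)` flags the Mac that is on 13.4.1 without the letter suffix, the iPhone that predates RSR support, and the iPad that must first move to 16.5.1.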
For more details on Rapid Security Response, see the Apple security releases article.