Apple has urged users to remove the emergency software updates it released on Monday, which were meant to address a zero-day vulnerability that is being actively exploited. The company confirmed that the latest fix may cause issues with website display, and it is working on releasing patches to address the problem.
Users on the MacRumors forum reported that the updates changed the Safari user agent, resulting in the disruption of websites like Facebook, Instagram, and Zoom.
The recent emergency update was part of Apple’s Rapid Security Response (RSR), which focuses on addressing zero-day vulnerabilities. This out-of-band release provides hot fixes for critical security issues that affect iPhone, iPad, and Mac devices and are being exploited in the wild. The vulnerability, identified as CVE-2023-37450, is a WebKit bug that allows attackers to execute arbitrary code when victims open maliciously crafted web content.
Apple has fixed the issue with enhanced malware checks.
The vulnerability was discovered by an anonymous security researcher and affected various versions of iOS, iPadOS, macOS, and the Safari browser. Apple introduced RSR in May to deliver important security improvements between regular software updates.
Given the critical nature of these patches, security experts emphasize the urgency of installing them promptly to protect against potential spyware or malware attacks. Apple has already addressed ten zero-days since the start of 2023, including those used in the notorious TriangleDB zero-click iMessage malware campaign.