Apple has issued Rapid Security Response (RSR) updates to address a newly discovered zero-day vulnerability that has been actively exploited on fully-patched iPhones, Macs, and iPads.
Furthermore, the vulnerability, known as CVE-2023-37450, prompted Apple to urge all users to install the security fixes as part of the RSR patches. These updates are designed to address security concerns and resolve issues that arise between major software updates on Apple devices.
The latest emergency patches include macOS Ventura 13.4.1 (a), iOS 16.5.1 (a), and iPadOS 16.5.1 (a), targeting the flaw found in the WebKit browser engine. The vulnerability allows attackers to execute arbitrary code on targeted devices by tricking users into opening web pages with malicious content.
Apple has implemented improved checks to mitigate exploitation attempts and enhance security.
Additionally, this marks the tenth zero-day vulnerability that Apple has patched in 2023, highlighting the ongoing efforts to protect iPhones, Macs, and iPads from sophisticated attacks.
The company previously addressed zero-day flaws that were exploited to deploy spyware, such as Triangulation spyware via iMessage zero-click exploits. These frequent updates demonstrate Apple’s commitment to addressing security vulnerabilities promptly and ensuring the safety of its users’ devices.