Apple has released patches addressing a vulnerability in its latest versions of iOS, iPadOS, and macOS software to address a zero-day bug believed to have been exploited in the wild.
The vulnerability, CVE-2023-37450, affects the browser WebKit module running on iPhone and iPads running iOS 16.5.1 and computer macOS Ventura 13.4.1 (a) software. The bug can be abused by adversaries to trigger an arbitrary code execution when processing web content, according to the support documents from Apple.
The Rapid Security Response is Apple’s new type of software release for iPhone, iPad, and Macs to “deliver important security improvements between software updates. They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist in the wild.
Apple devices automatically apply the RSRs by default and will prompt the user to restart their device, if needed.
The security updates are the latest to address zero-day vulnerabilities in Apple products, many of which were to address so-called “zero-click” vulnerabilities or spyware, such as kernel vulnerabilities that were patched in June, while several vulnerabilities were also fixed in April and May.