
Apple urges users to update iOS, iPadOS, and macOS for zero-day patch

If you have automatic updates turned on (and “Security Responses & System Files” activated), you’re already protected!


Update your iPhone right now. While you’re at it, update your MacBook too. Got an iPad? Great, that could use an update. Apple has released urgent zero-day patches for its iOS, iPadOS, and macOS platforms.

Last night, Apple released an urgent iOS patch and then pulled it back overnight. Reports say it was breaking websites when users tried to access them in Safari.

Apple has confirmed that this is a 0-day vulnerability, and there is currently no available patch to address it. Worst case, it’s likely being exploited, so it is a big problem that no effective patch currently exists for download.

The company’s Rapid Security Response updates aim to mitigate a software vulnerability currently seeing active exploitation in the wild. If Apple is quick to spring into action about a security threat, then you should move faster because it could potentially be that serious.

🚨 The vulnerability – what we know so far

The bug in question impacts Apple’s Safari WebKit browser engine and could potentially lead to arbitrary code execution.

In layman’s terms, this means that cybercriminals could deploy malware onto a targeted device by tricking users into opening malicious web pages.

This vulnerability has been cataloged as CVE-2023-37450 and patches are now available for:

  • iOS 16.5.1
  • iPadOS 16.5.1
  • macOS Ventura 13.4.1

The issue was reported by an anonymous researcher who discovered evidence of active exploitation of the bug in the wild.

Expert Insights: Jamie Brummell Weighs In

Jamie Brummell, co-founder and CTO of Socura and renowned security researcher, had some insights to share on this matter:

“This iOS patch was rapid in name, and rapid in nature,” says Brummell, “Reports suggest it has been pulled by Apple because it was causing some websites to break. This is the challenge with rapidly developed patches – they can result in unexpected issues due to the limited time the vendor has to test them.” Brummell adds, “Rapid patches can break more than they fix…We know this is a serious vulnerability because Apple is using its new ‘Rapid Security Response’ targeted patching method to get the fix out there quickly. The fact that there are reports it is being exploited in the wild has added to the urgency.”

On whether users can check if they’ve been targeted, Brummell states, “There’s no indication yet if Apple users can check whether they’ve been targeted, or how they would check.”

Brummell suggests regularly rebooting your iPhone and considering using iOS Lockdown mode to block potentially harmful scripts and attachments.

How To Update Your Devices

Apple devices should automatically download these Rapid Security Responses, but you might need to restart your device to complete the update process.

To manually update your iPhone or iPad:

  • Head over to Settings > General
  • Click on Software Update

How to update macOS:

  • Click on the Apple menu 
  • Navigate to System Settings
  • Click General in System Settings
  • Proceed with Software Update

If you have automatic updates turned on (and “Security Responses & System Files” activated), you’re already protected!

Wrapping Up: An Ever-Evolving Threat Landscape

Apple’s move towards Rapid Security Responses signals its commitment to efficiently delivering security fixes amidst an ever-growing landscape of threats.

This recent incident marks the tenth zero-day vulnerability that Apple has patched this year alone – a testament to both its proactive approach towards user safety and the evolving sophistication of cyber threats.


Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at kevin@knowtechie.com.
