Emergency Apple Update Fixes Zero Day Being Actively Exploited

Back to Giveaway of the Day

Giveaway of the Day Forums » Technical notes

Emergency Apple Update Fixes Zero Day Being Actively Exploited

(2 posts) (1 voice)

Started 1 year ago by mikiem2
Latest reply from mikiem2

mikiem2
Moderator

bleepingcomputer[.]com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

Today's list of emergency patches includes:

macOS Ventura 13.4.1 (a)
iOS 16.5.1 (a)
iPadOS 16.5.1 (a)
Safari 16.5.2

The flaw has been found in the WebKit browser engine developed by Apple, and it allows attackers to gain arbitrary code execution on targeted devices by tricking the targets into opening web pages containing maliciously crafted content.

The company addressed this security weakness with improved checks to mitigate exploitation attempts.

Posted 1 year ago #
mikiem2
Moderator

bleepingcomputer[.]com/news/apple/apple-re-releases-zero-day-patch-after-fixing-browsing-issue/

Apple fixed and re-released emergency security updates addressing a WebKit zero-day vulnerability exploited in attacks. The initial patches had to be withdrawn on Monday due to browsing issues on certain websites.

"Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly," Apple said on Tuesday.

The company added it would soon release fixed versions of the buggy updates and advised customers to remove them if they were experiencing issues while browsing the web after updating.

While Apple did not share why some websites were prevented from rendering correctly after installing the iOS 16.5.1 (a), iPadOS 16.5.1 (a), and macOS 13.4.1 (a) updates, this likely happened because the new Safari user agent containing an "(a)" string prevented websites from detecting it as a valid version of Safari, causing it to display "browser not supported" error messages.

Today, Apple started pushing iOS 16.5.1 (c), iPadOS 16.5.1 (c), and macOS 13.4.1 (c) Security Response updates that address the web browsing issues.

Posted 1 year ago #

RSS feed for this topic

Reply

You must log in to post.