Anonymous Tip Forces Apple's Hand: Rapid Security Response Rolled Out To Counter Zero-Day Attack
Advisory Issued
Overt Operator
July 11, 2023
For the second time since the inception of its "rapid security responses" initiative, Apple was spurred into action to combat a zero-day attack.
The security move comes following the disclosure of an underlying vulnerability by an anonymous researcher. In response, Apple has released iOS 16.5.1 (a) and iPadOS 16.5.1 (a) globally to address the reported security flaw.
In a brief advisory from the Cupertino tech giant, the vulnerability was linked to WebKit, the browser engine that powers numerous applications on iOS- and macOS-operated devices, including Safari, Mail, and the App Store.
The advisory stated:
“Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. The issue was addressed with improved checks.”
The vulnerability now has the designation CVE-2023-37450.
So far, the year 2023 has witnessed 41 publicly recorded instances of zero-day attacks, with a concerning 22 percent impacting software code on Apple devices. The security of Apple products, long thought to be virtually impenetrable, has been increasingly called into question as a result of these threats.
Apple's Rapid Security Responses represent a novel approach to software release for the iPhone, iPad, and Mac. These updates provide critical security enhancements in between regular software updates, often targeting areas such as the Safari web browser, the WebKit framework stack, or other crucial system libraries. They can also serve to address certain security issues more rapidly, particularly those that have been exploited or reported to exist "in the wild."
However, these Rapid Security Responses are only rolled out for the latest versions of iOS, iPadOS, and macOS, starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1. This underscores the importance of keeping devices updated to the latest software version to benefit from these crucial security enhancements.