It seems the past few months haven’t been too friendly to Apple Inc., as it releases another rapid response update fixing zero-day vulnerabilities affecting Apple products and the Safari browser across all operating systems.
Sometime in June, as we recall, Apple released a list of security patches that tackled a number of vulnerabilities, such as integer overflows.
However, it seems the company is not catching a break anytime soon: ever since the last WWDC2023, penetration testers have been discovering one security flaw after another, affecting both the operating systems of all Apple products and the Safari web browser.
The new Rapid Security Response update addresses the issue in iOS, iPadOS, macOS, and the Safari web browser, fixing a zero-day flaw that is being exploited by threat actors.
Vulnerability Description:
The vulnerability, assigned CVE-2023-37450, is a WebKit bug that allows threat actors to execute arbitrary code. According to Apple, this security issue might have been exploited.
Apple stated on their support page:
“Apple is aware of a report that this issue may have been actively exploited.”
Mitigation:
On the 10th July 2023, Apple released a security update for iOS 16.5 and iPadOS 16.5. The new update was tagged iOS 16.5 (a) and iPadOS 16.5 (a).
Although Apple released this update, we at FixitgearwareSecurity had to wait in order to verify that the claimed security flaws were fixed. This decision proved our guess right, as on the 11th June 2023, Apple had to pull the security updates tagged iOS 16.5 (a) and iPadOS 16.5 (a).
This was due to emerging reports that the security update caused certain websites, such as Facebook, Zoom, and Instagram, to malfunction. It was reported that when users tried to access these websites from the Safari browser, they got the error message “Unsupported Browser.”
Apple took swift action and released new updates tagged iOS 16.5 (b), iPadOS 16.5 (b), and macOS 13.4.1 (b) to remediate the problem. However, we at FixitgearwareSecurity still took the decision to wait.
In our years of experience, big corporations tend to take swift action in addressing reported vulnerabilities in order to protect their vast user base, thereby losing sight of certain code errors.
However, there was another security flaw in the updates tagged iOS 16.5 (b), iPadOS 16.5 (b), and macOS 13.4.1 (b). Apple Inc. swiftly addressed this issue by releasing a new update on the 12th July 2023.
After confirming that these updates have addressed these issues, we at FixitgearwareSecurity recommend that users swiftly update their devices to prevent them from being compromised.
If your device is set to update automatically, it is likely already updated. To check whether your device is running the latest update, go to Settings -> General -> Software Update on your iPhone or iPad. If you see the on-screen notification “iOS 16.5.1(c) iOS is up to date.”, you are good to go: your device has been updated to the latest firmware version.
However, if it is not updated yet, we suggest that you update your device immediately. The list of updates provided for the various Apple devices can be read on Apple Inc.'s official support website.