Apple has released a new Rapid Security Response (RSR) update that fixes a zero-day vulnerability said to affect fully patched Apple devices such as iPhones, Macs, and iPads.
“Apple is aware of a report that this issue may have been actively exploited,” Apple wrote in its security advisory.
The bug is tracked as CVE-2023-37450 and described as an arbitrary code execution bug in the WebKit browser engine. It allows threat actors to run arbitrary code on targeted endpoints by tricking victims into opening malicious websites.
Apple said it fixed the bug with improved checks that curb attempts to exploit it.
The patch was originally released in the following versions:
- macOS Ventura 13.4.1 (a)
- iOS 16.5.1 (a)
- iPadOS 16.5.1 (a)
- Safari 16.5.2
However, it was later reported that the company pulled some of the updates due to a bug in Safari. In a thread on the MacRumors forum, one user asked: “Did Apple make it? I updated my MacBook and iPhone when it was released, but had to wait until tonight to apply it to my Mac Mini and iPad, but it’s not showing up on either.” Another soon responded, saying, “According to this link they also pulled off the Ventura models. But those links still work.”
Some media are even reporting that Apple has withdrawn all versions, although the news has yet to be confirmed.
While we don’t know who the threat actors exploiting this vulnerability are, or who their targets might be, it would be best to apply the patch and not wait for further clarification. Those who have automatic updates and RSR disabled will receive the patch along with future software upgrades.
Analysis: Why is this important?
Arbitrary code execution is a serious flaw because it allows threat actors to cause significant damage to target endpoints and larger networks. The vulnerability gives a threat actor the ability to run malicious code on the compromised system, potentially giving them access to data, apps, and more. By gaining access to the system, threat actors can exfiltrate sensitive data, escalate privileges for even more system control, install malware, create backdoors, and more.
To protect against arbitrary code execution, organizations are advised to regularly update their software and hardware, implement strict access controls, and regularly audit their systems.
In this particular case, CVE-2023-37450 is said to have been used in the wild. This means that threat actors managed to create malicious code that exploits the vulnerability for one or more of the above goals. They are currently using this code against their targets, trying to compromise their systems and gain a foothold on their networks. This means that Apple users – particularly iPhone, Mac, and iPad users – should exercise extra caution when clicking links in email and social media messages, and when downloading attachments. Email is the most popular attack vector these days, and the likelihood of malware being distributed this way is quite high.
So far this year, Apple has fixed ten zero-day bugs affecting its iPhones, Macs, and iPads, all of which have been abused in the wild. These include CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439, which were used to install spyware on iPhones via the iMessage app. The spyware allowed threat actors to triangulate the location of the target endpoint. In addition, Apple fixed CVE-2023-28206 and CVE-2023-28205, two vulnerabilities used to install spyware on devices belonging to “high-risk” targets.
What have others said about this?
On Apple Insider, a user complained that the patch broke their device:
“Just applied Rapid Security Response. It broke Facebook on Safari. Before the update, loading Facebook in Safari for macOS worked fine. After the update, when loading Facebook in Safari for macOS, a warning appears: “Unsupported browser. You are using a browser that is not supported by Facebook. So we’ve redirected you to a simpler version to give you the best experience.” And yes. It’s a stripped down version of Facebook.”
Another user chimed in, suggesting that the threat actors were actually exploiting the vulnerability via Facebook. They have a valid point, considering that according to the first reports, arbitrary code execution occurred when victims were processing “specially engineered web content”.
“I suspect they are using Facebook to exploit the vulnerability, which is why FB is being ‘downgraded’. However, the FB on Safari is horrible,” they said.
Cybersecurity company SlowMist tweeted about the vulnerability and urged its readers to apply the patch immediately: “Given the high risk associated with this vulnerability, we strongly recommend updating your devices as soon as possible!” the tweet reads.