Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.
That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.
Apple explained that the issue was addressed with more stringent checks. The problem: those checks might have been too rigorous, causing some legitimate sites (Facebook, Instagram, Zoom) and other services to fail. That forced Apple to pull the security update a few hours after its release.
Update: Apple subsequently published a note explaining what happened, writing:
“Apple is aware of an issue where this Rapid Security Response might prevent some websites from displaying properly. Rapid Security Response iOS 16.5.1 (b) and iPadOS 16.5.1 (b) will be available soon to address this issue.”
What is Rapid Response?
Announced at WWDC 2022 and active as of the beginning of 2023, Rapid Security Response updates are small, quick-to-install security patches that can be distributed and downloaded automatically across Apple’s platforms.
The idea is that these small installs let the company maintain a high degree of security across all its platforms, as users get to install these intermediary patches as well as standard software updates. This accelerates patching.
Debrup Ghosh, senior product manager at Synopsys Software Integrity Group, said in a statement:
“With its Rapid Security Response updates, Apple has set the industry benchmark for not only addressing security vulnerabilities swiftly, but also rolling out these updates across millions of devices. Further, enabling automatic updates ensures that, for most customers, these security updates are applied without any action from the end user.”
However, in this case, it is possible some devices might have been automatically updated to the flawed software.
How to check whether the update is installed
If you have enabled your device to install security responses automatically, you might want to check whether you have already installed the problematic one.
Apple has an explanation of how to do this, but in essence it tells you to open Settings on your device, tap General, then About, and then tap the version of your operating system. If you see a “Remove Security Response” button, the update is installed but can be removed to get WebKit working properly again. Apple should already have notified you the update is installed.
That said, in some cases the benefits of protecting Apple devices against this kind of zero-day attack could outweigh the inability to use apps like Facebook or Zoom.
High-value…
2023-07-11 21:24:02
Post from www.computerworld.com