Re-released Apple WebKit Zero-Day Patch Fixes Website Breaking

Apple has recently released new Rapid Security Response (RSR) patches to fix a zero-day vulnerability. This vulnerability has been exploited in attacks and affects iPhones, Macs, and iPads that have been fully patched.

The zero-day vulnerability has been tracked as CVE-2023-37450, and this vulnerability was identified by an anonymous cybersecurity researcher.

As a prompt response, Apple recently published a Rapid Security Responses (RSR) advisory for iOS and macOS.

The new Rapid Security Response (RSR) program if Apple rolls out a second patch, fixing a critical zero-day flaw across various Apple products like:-

  • iOS for iPhone
  • iPadOS for iPad
  • macOS Ventura for Mac
  • Safari for macOS Big Sur and Monterey

Apple WebKit Zero-Day Flaws

Apple’s silence leaves the reason undisclosed, but Safari glitches emerged after user-agent detection failure for Zoom, Facebook, and Instagram, impacting website rendering.

Rapid Security Response updates swiftly deliver zero-day fixes for iPhones and Macs, prioritizing critical patches over regular OS updates for user protection.

RSR updates alter user agents on iOS devices, appending the “(a)” string to the new updates as follows:-

  • iOS 16.5.1 (a)
  • iPadOS 16.5.1 (a)
  • macOS Ventura 13.4.1 (a)

Soon after Apple’s patch release for CVE-2023-37450, users encountered access errors on several websites post-installation, prompting complaints.

Apple acknowledges Rapid Security Responses impacting website display, so they will soon fix it with the upcoming updates:-

  • iOS 16.5.1 (b)
  • iPadOS 16.5.1 (b)
  • macOS 13.4.1 (b)

Remove Buggy Security Update

While the users who have already installed the buggy security updates on their Apple devices and while browsing the web face any issues, make sure to remove the updates from your device.

To do so, you have to follow the simple steps that we have mentioned below:-

  • Open the Settings app on your iPhone or iPad.
  • Scroll down and tap on “About.”
  • Look for the “iOS Version” option and tap on it.
  • On the iOS Version page, locate and tap on “Remove Security Response.”
  • A confirmation prompt will appear. Tap on “Remove” to confirm the action.
  • That’s it; now you are done.

The below-mentioned steps are for Mac:-

  • First of all, you have to click on the Apple logo or menu located in the top left corner of the screen.
  • From the dropdown menu, select “About This Mac.”
  • In the “About This Mac” window, click on “More Information.”
  • Next to the macOS version number, you will see an Info (i) button. Click on it.
  • A new window will appear with additional details about the macOS version.
  • In the new window, look for the “Remove” option and click on it.
  • A confirmation dialog box will appear. Click on “Remove” to confirm the action.
  • Once the removal process is complete, now you will be prompted to restart your Mac.
  • Click on “Restart” to restart your Mac.
  • That’s it now, you are done.

Apple’s WebKit browser engine carries this zero-day flaw (CVE-2023-37450), enabling arbitrary code execution through targeted web pages with manipulated content.

In total, there are ten zero-day vulnerabilities that were fixed by Apple this year for its following product line:-

  • iPhones
  • Macs
  • iPads

Zero-days Fixed this Year by Apple

Here below, we have mentioned all the Zero-days fixed this year by Apple this year:-

Apple’s flawed Rapid Security Responses risk user resistance if issues persist, damaging the intended purpose of swift patch deployment.

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID…

1 day ago

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google…

1 day ago

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by…

1 day ago

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers,…

1 day ago

Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features

Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for…

1 day ago

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges

A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security…

1 day ago