Apple has re-released Rapid Security Response updates for iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1 to patch a security exploit that could allow attackers to execute arbitrary code on devices. The exploit affects WebKit, which Safari and other Apple apps use to render web content.
An anonymous researcher first reported it, and Apple has confirmed that it is aware of reports that the vulnerability has been actively exploited.
The re-released Rapid Security Response addresses the exploit by improving checks for malicious web content. Apple emphasized that users who have already installed Rapid Security Response iOS 16.5.1 (a) will need to install the new version (c) to be protected. In its blog post, Apple says:
Rapid Security Responses iOS 16.5.1 (c) and iPadOS 16.5.1 (c) include the security content of Rapid Security Responses iOS 16.5.1 (a) and iPadOS 16.5.1 (a) and fix an issue that prevents some websites from displaying correctly.
This is the second time Apple has had to re-release Rapid Security Response iOS 16.5.1. The first time was on July 11, when Apple released a version of the update that prevented some websites from displaying properly.
RSR updates have been introduced as compact patches that address security issues between major software updates on its OSes. They provide critical security fixes to help users address emerging threats on time.
iPhone or iPad: Go to Settings > General > Software Update > Automatic Updates, then make sure that "Security Responses & System Files" is turned on.
Mac: Choose the Apple menu > System Settings. Click General in the sidebar, then click Software Update on the right. Click the Show Details button next to Automatic Updates, then make sure that "Install Security Responses and System Files" is turned on.
Users of affected devices are encouraged to install the new Rapid Security Response as soon as possible to protect themselves from the exploit.