Apple has released a series of Rapid Security Response (RSR) updates to address a new zero-day vulnerability, which is being actively exploited. The bug affects iPhones, Macs and iPads, potentially compromising the security and integrity of these devices.
The vulnerability, identified as CVE-2023-37450, was reported by an anonymous security researcher. According to Apple's advisories for iOS and macOS, the company knows the issue is being actively exploited.
The recently discovered vulnerability resides in WebKit, the browser engine that Apple, Mozilla and Google all use on iOS, and can be exploited by tricking users into visiting web pages containing specially crafted content. Successful exploitation could allow attackers to execute arbitrary code on targeted devices, potentially compromising users' privacy and security.
Apple describes Rapid Security Responses this way: "They deliver important security improvements between software updates... They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist 'in the wild.'"
Apple highlighted that new Rapid Security Responses are delivered only for the latest iOS, iPadOS, and macOS versions, starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1. To secure data and protect against attacks, Apple strongly recommends that users apply the RSR patches.
Apple introduced RSR patches as compact updates that address security issues between major software updates on its operating systems. They provide critical security fixes to help users address emerging threats in a timely manner.
In some instances, Apple may issue out-of-band security updates to address vulnerabilities actively exploited by hackers.
To make sure Rapid Security Responses are installed automatically, check the following settings:
iPhone or iPad: Go to Settings > General > Software Update > Automatic Updates, then make sure that "Security Responses & System Files" is turned on.
Mac: Choose the Apple menu > System Settings. Click General in the sidebar, then click Software Update on the right. Click the Show Details button next to Automatic Updates, then make sure that "Install Security Responses and System Files" is turned on.
You can check more details about a specific Rapid Security Response in the Apple security patch notes.