Apple Releases Critical Security Patch to Address Zero-Day Vulnerability

Apple has issued a Rapid Security Response (RSR) update to fix a zero-day vulnerability that reportedly affects fully patched Apple devices, including iPhones, Macs, and iPads. The flaw, tracked as CVE-2023-37450, is an arbitrary code execution bug in the WebKit browser engine. It could allow threat actors to run malicious code on targeted devices by tricking victims into visiting malicious websites.

Apple’s security advisory stated that the company is aware that the vulnerability may have been actively exploited. To address the issue, Apple implemented improved checks to mitigate exploitation attempts.

Initially, the patch was released for macOS Ventura 13.4.1 (a), iOS 16.5.1 (a), iPadOS 16.5.1 (a), and Safari 16.5.2. However, there were reports of Apple pulling some updates due to a bug in Safari, though the exact extent of the pulled updates is yet to be confirmed.

Given that the vulnerability has been used in real-world attacks, it is essential for users to apply the patch promptly. Users with automatic updates and RSR turned off will receive the patch with future software upgrades.

Arbitrary code execution is a severe class of vulnerability because it allows threat actors to cause significant damage to target endpoints and networks. By exploiting this flaw, attackers can gain unauthorized access to data, escalate privileges, install malware, create backdoors, and more. To protect against such threats, companies are advised to regularly update their software and hardware, implement strong access controls, and conduct regular system audits.

So far this year, Apple has patched ten zero-day vulnerabilities, all of which were actively exploited in the wild. Apple users should be cautious when clicking on links in emails and social media messages, and when downloading attachments, as email remains a popular attack vector for distributing malware.

Users who have applied the patch have reported issues with certain applications like Facebook on Safari. Some users speculate that the threat actors may have exploited the flaw through Facebook, considering the initial reports of “specially crafted web content” being used to achieve arbitrary code execution.

Cybersecurity experts from SlowMist have emphasized the urgency of applying the patch immediately, given the high-risk nature of the vulnerability.