Advisory
16 July 2023
Background
Apple users are strongly advised to install an urgent Rapid Security Response (RSR) update to address a vulnerability that impacts fully patched iPhones, Macs, and iPads. The RSR patches includes updates for the latest versions of macOS, iOS, iPadOS, and Safari.
Impact
The zero-day vulnerability (CVE-2023-37450) can be used to trigger an arbitrary code execution when processing web content, according to the support documents from Apple. When a user browses malicious web content, the flaw allows hackers to plant malware on the device, enabling them to execute malicious operating system commands.
Affected Systems
- iPhone 6s (all models)
- iPhone 7 (all models)
- iPhone SE (1st generation)
- iPad (5th generation and later)
- iPad Air (3rd generation and later)
- iPad Air 2
- iPad mini (4th generation and later)
- iPad Pro (all models) iPod Touch (7th generation)
- Macs running on macOS Big Sur, Monterey, and Ventura
Recommendations
- Update your operating system and install the latest security patches.
- Downloaded and installed the new Rapid Security Response update to ensure the utmost safety for your device.
- Enable automatic software updates by going to: Settings > General > Software update > Enable automatic updates.
References
https://www.straitstimes.com/singapore/apple-users-urged-to-update-devices-after-security-flaw-found
https://www.scmagazine.com/news/application-security/apple-emergency-zero-day-ios-macos
https://www.timesnownews.com/technology-science/update-now-apple-emergency-security-updates-2023-article-101659001
https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/
