Apple fixed and re-released emergency security updates addressing a WebKit zero-day vulnerability that was exploited in attacks and fixed the issue that prevented some websites from displaying properly.

The released security updates fix a zero-day vulnerability:

• CVE-2023-37450

Security Risks

The identified zero-day vulnerability in WebKit poses a significant security risk. Exploiting this vulnerability allows attackers to execute arbitrary code by tricking users into opening maliciously crafted web pages. It's crucial to promptly update systems with the provided patch to mitigate the risk of potential attacks.

For the full list of security updates released by Apple, please refer to Apple Security Updates.  

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed Apple software in order to continue receiving technical support and security patches.

The released software versions to upgrade to are the following:

• Safari 16.5.2 :  for macOS Big Sur and macOS Monterey.

• Rapid Security Response iOS 16.5.1 (c) and iPadOS 16.5.1 (c) : for iOS 16.5.1 and iPadOS 16.5.1

• Rapid Security Response macOS Ventura 13.4.1 (c) : for macOS Ventura 13.4.1

2. Enable background updates or automatic updates

3. Before any update task, ensure you have backup for your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

Apple Security Updates

https://support.apple.com/en-us/HT201224