CVE-2023-37450 - Apple Released Fixes to Actively Exploited WebKit Zero Day

Apple has released an emergency update across iOS, iPadOS, and macOS to address an actively exploited security flaw affecting WebKit. This critical measure aims to protect users from potential exploits and enhance the overall security of their devices.



Understanding CVE-2023-37450:

Apple has recently identified a vulnerability, tracked as CVE-2023-37450, which impacts the WebKit module of browsers running on iOS 16.5.1 and macOS Ventura 13.4.1 (a) software versions, primarily affecting iPhones, iPads, and Mac devices. Malicious actors can potentially exploit this bug to achieve arbitrary code execution by manipulating web content, as reported in Apple's support documents.


WebKit, Apple's Web Engine:

WebKit is the web browser engine created by Apple. It is used by several programs on macOS, iOS, and Linux, including Safari, Mail, and the App Store.

The vulnerability allows attackers to achieve arbitrary code execution on targeted devices by tricking the targets into opening web pages containing maliciously crafted content.

Apple’s Rapid Security Response:

Apple's “Rapid Security Response” (RSR) is an innovative software release strategy designed to provide significant security enhancements for iPhone, iPad, and Mac devices in between regular software updates.

Upon the detection of vulnerabilities, Apple promptly strives to create and deploy security updates, ensuring the protection of its users. These vital updates are accessible on iOS 16.4.1, iPadOS 16.4.1, macOS 13.3.1, and subsequent versions, offering enhanced security measures.

A Closer Look at the Remediation Process:

Rapid Security Responses (RSRs) deliver updates to iPhone, iPad, and Mac devices. They aim to provide essential security enhancements in between regular software updates, focusing on critical areas such as the Safari web browser, the WebKit framework stack, and other vital system libraries. This proactive approach ensures that users receive timely security improvements to safeguard their devices and data.

| RSR Update | Affected Versions | Released Date |
|---|---|---|
| Rapid Security Response iOS 16.5.1 (a) & iPadOS 16.5.1 (a) | iOS 16.5.1 and iPadOS 16.5.1 | 10 Jul 2023 |
| Rapid Security Response macOS Ventura 13.4.1 (a) | macOS Ventura 13.4.1 | 10 Jul 2023 |
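The table above can be turned into a fleet check. The following Python sketch is an added example, not code from Apple or from the original post: it classifies version strings from a device inventory against the affected versions and RSR minimums stated on this page. The function names, status labels, inventory format, and device names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Affected base versions, copied from the table above.
AFFECTED = {"iOS": (16, 5, 1), "iPadOS": (16, 5, 1), "macOS": (13, 4, 1)}
# Oldest versions that can receive Rapid Security Responses, as stated above.
RSR_MINIMUM = {"iOS": (16, 4, 1), "iPadOS": (16, 4, 1), "macOS": (13, 3, 1)}

# Matches e.g. "iOS 16.5.1", "iPadOS 16.5.1 (a)", "macOS Ventura 13.4.1 (a)".
VERSION_RE = re.compile(
    r"^(iOS|iPadOS|macOS)(?:\s+Ventura)?\s+(\d+(?:\.\d+){0,2})(?:\s*\(([a-z])\))?$"
)

def classify(version_string):
    """Return a status label for one inventory version string."""
    m = VERSION_RE.match(version_string.strip())
    if not m:
        return "unknown"
    platform, base, rsr_letter = m.groups()
    parts = tuple(int(p) for p in base.split("."))
    parts += (0,) * (3 - len(parts))  # pad "16.3" to (16, 3, 0)
    if parts < RSR_MINIMUM[platform]:
        return "no-rsr-support"  # too old to receive an RSR at all
    if parts == AFFECTED[platform]:
        # Assumption: any RSR letter on the affected base includes the (a) fix.
        return "patched" if rsr_letter else "needs-rsr"
    return "not-in-table"  # this page gives no data for the version

def triage(inventory):
    """Group device names by status; inventory is (device, version) pairs."""
    groups = defaultdict(list)
    for device, version_string in inventory:
        groups[classify(version_string)].append(device)
    return dict(groups)

# Constructed sample inventory (hypothetical device names).
SAMPLE_INVENTORY = [
    ("phone-01", "iOS 16.5.1"),
    ("tablet-01", "iPadOS 16.5.1 (a)"),
    ("laptop-01", "macOS Ventura 13.4.1"),
    ("laptop-02", "macOS 13.4.1 (a)"),
    ("phone-02", "iOS 16.3"),
]

if __name__ == "__main__":
    for status, devices in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(devices)}")
```

Devices reported as `not-in-table` need to be checked against Apple's security releases page listed in the references, since this page only covers the versions in the table.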

 

References:

https://support.apple.com/en-us/HT213823

https://support.apple.com/en-us/HT201222


Contributed by Sharanu Kalyan
