Update July 12, 2023: Apple has issued iOS 16.5.1 (c), iPadOS 16.5.1 (c), and macOS 13.4.1 (c) to address this critical WebKit vulnerability without breaking several popular apps.
Earlier this week, Apple pushed out “(a)” updates for iOS 16.5.1, iPadOS 16.5.1, and macOS 13.4.1, using the Rapid Security Response system launched at the start of May. These emergency updates appear to have been intended to patch a single WebKit flaw that had reportedly been actively exploited.
The odd thing, however, was that Apple then pulled the update just hours after it appeared. And now we have a clearer idea of why.
In a new support document, the company addresses users who applied the updates, acknowledging that it is “aware of” of a problem that “might prevent some websites from displaying properly.” It might be argued that this downplays the severity of the bug, which according to reports from forum users “broke certain apps such as Facebook, Instagram, Zoom to name a few.”
In terms of solutions, Apple offers the simple remedy of removing the updates, and offers simple instructions in the support document. On iPhone or iPad, you should open the Settings app then go to About > iOS Version, tap Remove Security Response then tap Remove to confirm. On a Mac you need to go to the Apple menu > About this Mac, click More Info, then under macOS, click the Info button next to the version number. Click Remove and Restart then confirm.
Users may feel ambivalent about removing a patch which had been deemed sufficiently urgent to merit a Rapid Security Response, but Apple promises that (b) versions of the three updates “will be available soon to address this issue.”