Following the release of iOS 16.5.1, iPadOS 16.5.1, and macOS 13.4.1 in June, Apple pushed an (a) update to each under its Rapid Security Response system. There are no new features and the update seemingly contains just a single patch. After reports that the update broke functionality in popular apps, Apple pulled the update and issued an advisory with instructions on how to remove it.
Now, Apple has re-issued the update as iOS 16.5.1 (c) and macOS 13.4.1 (c).
Apple’s security page describes the flaw:
WebKit
- Available for: iOS 16.5.1 and iPadOS 16.5.1 and macOS Ventura 13.4.1
- Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: The issue was addressed with improved checks.
- CVE-2023-37450: an anonymous researcher
In other words, there’s a way for bad actors to create web content that can make your iPhone, iPad, or Mac run whatever they want. And this flaw seems to have already been used in the wild, hence the emergency need for the patch.
Apple pushed its first Rapid Security Response update in May for iOS 16.4, iPadOS 16.4, and macOS 13.3, though it didn’t divulge the contents until a couple of weeks later. So it’s possible that this update contains other fixes that Apple isn’t declaring yet.
To update your device when it reappears, go to the Settings app on your iPhone or iPad, tap General, then Software Update, and then Download and Install. On your Mac, head over to System Settings, then select General and Software Update.