On May 2, Apple issued its first Rapid Security Response update for iOS 16.4, iPadOS 16.4, and macOS 13.3. Apparently, Apple was in such a rush to issue the update (hence the “Rapid”) that it didn’t want to wait for iOS 16.5 and macOS 13.4, which landed just two weeks later. At the time, it didn’t divulge what was fixed, but now we know.
The security notes for the iOS 16.5, iPadOS 16.5, and macOS Ventura 13.4 updates released on Thursday include the details on the fixes in the Rapid Security Response update. You can read the complete security notes online, but we’ve pulled out the fixes specific to the Rapid Security Response update below. All three operating systems received the same fixes, and now they’re also available for macOS Monterey and Big Sur, as well as iOS 15.
- Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds read was addressed with improved input validation.
- WebKit Bugzilla: 254930
- CVE-2023-28204: an anonymous researcher
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A use-after-free issue was addressed with improved memory management.
- WebKit Bugzilla: 254840
- CVE-2023-32373: an anonymous researcher
What is Rapid Security Response?
Apple introduced Rapid Security Responses at WWDC last year, but the first use of the feature didn’t happen until earlier this month. This feature is used when Apple needs to issue urgent updates to protect the security of iPhones, iPads, and Macs, and it won’t include items that are in typical OS updates, such as new features or bug fixes.
A device must be running the latest version of its OS for Rapid Security Responses to work. Automatic installation is turned on by default, and Rapid Security Response updates are labeled with a letter at the end of the version number. For example, the first iOS update is iOS 16.4.1 (a).
To turn on/off Rapid Security Responses:
- iPhone/iPad: Go to Settings > General > Software Update > Automatic Updates. Flip the switch for “Security Responses & System Files.”
- Mac: In System Settings, click General in the sidebar. In the main window, click Software Update. Click the “i” icon next to Automatic Updates, then flip the switch for “Install Security Responses and system files.”