Apple urgently releases new patches for WebKit after withdrawing previous ones
The company has fixed the display issue of some sites, all users are advised to update their devices as soon as possible.
Apple released patched versions of emergency security updates that fix a vulnerability in webkitactively exploited by attackers. Initial patches were withdrawn on Monday due to display issues with some sites in the web browser safari.
“Apple is aware of an issue where recent emergency security updates may prevent some sites from displaying properly,” the company said on Tuesday.
The company added that it would release patched versions of the updates soon and advised customers to uninstall them if they experienced problems browsing the web after the update.
Although Apple did not disclose the reason why some sites did not display correctly after installing iOS 16.5.1(a), iPadOS 16.5.1(a) and macOS 13.4.1(a), this was likely because the new Safari user ID containing the string “(a)” prevented sites from identifying it as a valid version of Safari, causing “browser not supported” errors.
Apple today began rolling out security updates to iOS 16.5.1(c), iPadOS 16.5.1(c), and macOS 13.4.1(c) that address web browsing issues.
Apple uses emergency security updates to fix issues affecting iPhone, iPad, and Macand to quickly fix vulnerabilities actively exploited in attacks between major OS releases.
Vulnerability with zero day ( CVE-2023-37450 ), which was fixed yesterday, affects the WebKit browser engine and allows attackers to execute arbitrary code, forcing victims to open malicious web pages.
“This emergency security update contains important security fixes and is recommended for all users,” Apple warns.
Since the beginning of 2023, the company has already fixed ten zero-day vulnerabilities exploited to hack iPhone, Mac or iPad:
- three zero-day vulnerabilities ( CVE-2023-32434 , CVE-2023-32435 And CVE-2023-32439 ) in June;
- three more zero-day vulnerabilities ( CVE-2023-32409 , CVE-2023-28204 And CVE-2023-32373 ) in May;
- two zero-day vulnerabilities ( CVE-2023-28206 And CVE-2023-28205 ) in April;
- and another zero-day WebKit vulnerability ( CVE-2023-23529 ) in February.