“This Rapid Security Response provides important security fixes and is recommended for all users” – Apple’s security update
The vulnerability was first reported by an anonymous security researcher after being found in Apple Safari’s WebKit browser engine, and is currently believed to be being exploited.
However, Apple withdrew the update shortly after it was originally issued.
Why was Apple Security Update Withdrawn?
The update appears to have been removed after users reported issues with using Safari after installing the latest patch – specifically, sites including Facebook, WhatsApp, Instagram, Zoom and others issued warnings about not being supported by the Safari browser.
Following this, Apple pulled the Rapid Security Response, presumably to iron out the Safari bug.
The update is an important one, and as such Apple is expected to reissue it as soon as the bugs have been resolved.
What is Apple’s Rapid Security Response?
Apple has patched ten zero-day vulnerabilities so far in 2023, including three bugs earlier this month which were exploited to deploy Triangulation spyware on iPhones, and two bugs in April which involved high-risk targets.
However, Apple’s Rapid Security Response is a new type of patch that has only been deployed two times in total.
According to Apple’s own statement, its new RSR response delivers “important security improvements between software updates” and may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist in the wild.”
In contrast to general security patches, RSR appears to be deployed in high-stakes, urgent situations, when targets are already being exploited. They also require users to make updates themselves, instead of making changes to the software automatically.
