Apple released an emergency bug fix, known as the Rapid Response patch, to address a web-browsing security hole used in real-world spyware attacks. The bug, identified as CVE-2023-37450, could lead to arbitrary code execution and had reportedly been actively exploited. The attack involved a look-and-get-pwned technique, where simply viewing a malicious web page could invisibly implant malware on the device without clicking or approving any pop-ups.
The update fixed the WebKit bug and another kernel-level code execution bug, identified as CVE-2023-38606. These updates were released for various Apple operating systems, including iOS, iPadOS, macOS, tvOS, and watchOS.
Users are advised to promptly download and install these updates to protect against known and potential exploits. Additionally, these updates addressed other cybersecurity flaws, including elevation-of-privilege bugs and data leakage flaws. It is crucial to keep Apple devices up to date to safeguard against current and future threats.