Apple issues Rapid Security Response for iOS 16.5.1 & macOS 13.4.1

AppleInsider

Apple has released a Rapid Security Response update for iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1 patching an exploit that was actively striking users.

Apple issues a new Rapid Security Response update

Apple's Rapid Security Response (RSR) is part of its security updates system. It's designed to quickly address significant vulnerabilities detected in Apple software without waiting for a full update.

When such vulnerabilities are discovered, Apple aims to develop and distribute security updates to protect its users rapidly. The update feature is available on iOS 16.4.1, iPadOS 16.4.1, macOS 13.3.1, and later versions.

According to Apple's security updates page, both of Monday's RSR patches a vulnerability in WebKit for all three operating systems. Apple credits an anonymous researcher with the discovery.

WebKit

• Available for: iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1


• Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.


• Description: The issue was addressed with improved checks.


• CVE-2023-37450: an anonymous researcher

Apple devices are configured to implement Rapid Security Responses as the default setting automatically. If needed, users will receive a prompt to restart their device.

To enable "Security Responses & System Files" on an iPhone or iPad, navigate to Settings, then select General, followed by Software Update. From there, access Automatic Updates and ensure the toggle is turned on.

For Mac users, open the Apple menu by clicking on the Apple logo, then select System Settings. In the Settings window, click on General and Software Update, then Automatic Updates, and make sure the toggle is turned on for "Install Security Responses and system files."

Read on AppleInsider

lesterkrimbaugh

Just applied the Rapid Security Response. It broke Facebook on Safari.

Before the update loading Facebook in Safari for MacOS worked fine.

After the update loading Facebook in Safari for MacOS brings up a warning:

"Unsupported Browser
You're using a browser that isn't supported by Facebook, so we've redirected you to a simpler version to give you the best experience."

And, yes. It's a squished down version of Facebook.

mschwartz

lesterkrimbaugh said:

Just applied the Rapid Security Response. It broke Facebook on Safari.

Before the update loading Facebook in Safari for MacOS worked fine.

After the update loading Facebook in Safari for MacOS brings up a warning:

"Unsupported Browser
You're using a browser that isn't supported by Facebook, so we've redirected you to a simpler version to give you the best experience."

And, yes. It's a squished down version of Facebook.

Reporting the same issue here, and I have submitted a bug report to Apple via:

  https://www.apple.com/feedback/

I selected Safari as the component for the report.

You get redirected to: 

  https://m.facebook.com/?_rdr

on the desktop, which is the Facebook mobile URL, hence the compressed rendering of the page.

brianw

Yep, same for me but works with Chrome of course. Bloody nuisance I say! This digital nit-picking between rival companies is really tiresome!

netrox

mschwartz said:

lesterkrimbaugh said:

Just applied the Rapid Security Response. It broke Facebook on Safari.

Before the update loading Facebook in Safari for MacOS worked fine.

After the update loading Facebook in Safari for MacOS brings up a warning:

"Unsupported Browser
You're using a browser that isn't supported by Facebook, so we've redirected you to a simpler version to give you the best experience."

And, yes. It's a squished down version of Facebook.

Reporting the same issue here, and I have submitted a bug report to Apple via:

  https://www.apple.com/feedback/

I selected Safari as the component for the report.

You get redirected to: 

  https://m.facebook.com/?_rdr

on the desktop, which is the Facebook mobile URL, hence the compressed rendering of the page.

I suspect they're using Facebook to exploit the vulnerability hence the "downgrade" of FB. The FB on Safari is atrocious though. 

applezulu

mschwartz said:

lesterkrimbaugh said:

Just applied the Rapid Security Response. It broke Facebook on Safari.

Before the update loading Facebook in Safari for MacOS worked fine.

After the update loading Facebook in Safari for MacOS brings up a warning:

"Unsupported Browser
You're using a browser that isn't supported by Facebook, so we've redirected you to a simpler version to give you the best experience."

And, yes. It's a squished down version of Facebook.

Reporting the same issue here, and I have submitted a bug report to Apple via:

  https://www.apple.com/feedback/

I selected Safari as the component for the report.

You get redirected to: 

  https://m.facebook.com/?_rdr

on the desktop, which is the Facebook mobile URL, hence the compressed rendering of the page.

Well, the choice seems to be "Facebook" or security. I think I'll go with security.

ai-ant

netrox said:

mschwartz said:

lesterkrimbaugh said:

Just applied the Rapid Security Response. It broke Facebook on Safari.

Before the update loading Facebook in Safari for MacOS worked fine.

After the update loading Facebook in Safari for MacOS brings up a warning:

"Unsupported Browser
You're using a browser that isn't supported by Facebook, so we've redirected you to a simpler version to give you the best experience."

And, yes. It's a squished down version of Facebook.

Reporting the same issue here, and I have submitted a bug report to Apple via:

  https://www.apple.com/feedback/

I selected Safari as the component for the report.

You get redirected to: 

  https://m.facebook.com/?_rdr

on the desktop, which is the Facebook mobile URL, hence the compressed rendering of the page.

I suspect they're using Facebook to exploit the vulnerability hence the "downgrade" of FB. The FB on Safari is atrocious though. 

You’re not kidding, atrocious is an understatement. Looks terrible. Yes the update broke FB on my iPad Pro (12.9-inch)

edited July 2023

dominikhoffmann

Has it gotten pulled by Apple?

mikepheiffer

Are we sure an RSR was put out for iPadOS and macOS too? Neither of my iPads and neither of my Macs have an update waiting. Only my iPhone had an update which I've already applied. 

NEVERMIND: from Macrumors: "Update: Apple has pulled the RSRs because they caused a bug with Safari." I must have installed the iOS version before it was pulled or maybe that one wasn't pulled? Who knows. 

edited July 2023

lesterkrimbaugh

And completely break the browser version of Zoom, which is NOT a small issue.

mschwartz

For those still reading this article and the comments, Apple pulled the RSRs late yesterday and there are instructions for iOS and macOS to remove them here:

https://appleinsider.com/articles/23/07/11/apple-pulls-latest-rapid-security-response-updates