Apple Issues Urgent Security Update, then Withdraws It

Not long after Apple launched its security update, it withdrew it again after Safari compatibility complaints.

Apple issued an emergency Rapid Security Response (RSR) to address a malicious zero-day vulnerability spotted in fully-patched iPhones, iPads, and Macs – and then withdrew it after it appeared to have caused a serious bug in Safari.

The update from Apple, for devices running on iOS 16.5.1, iPadOS  16.5.1, or ‌macOS Ventura‌ 13.4.1, was designed to protect users from the CVE-2023-37450 vulnerability.

The urgent RSR patch has only been issued once before in the company’s history. It is likely that it will be reissued as soon as the safari bug has been addressed.

Apple Releases Emergency Security Update, then Withdraws It

Apple released an urgent security patch to address a zero-day vulnerability that has been spotted on the latest versions of iOS, iPadOS, and macOS software.

The bug, known as CVE-2023-37450, puts un-patched users at risk of malware attacks by making it possible for bad actors to gain arbitrary code execution on targeted devices.

Stay safe and keep your personal data private

Incogni by Surfshark removes your data from the web for you

“This Rapid Security Response provides important security fixes and is recommended for all users” – Apple’s security update

The vulnerability was first reported by an anonymous security researcher after being found in Apple Safari’s WebKit browser engine, and is currently believed to be being exploited.

However, Apple withdrew the update shortly after it was originally issued.

Why was Apple Security Update Withdrawn?

The update appears to have been removed after users reported issues with using Safari after installing the latest patch – specifically, sites including Facebook, WhatsApp, Instagram, Zoom and others issued warnings about not being supported by the Safari browser.

Following this, Apple pulled the Rapid Security Response, presumably to iron out the Safari bug.

The update is an important one, and as such Apple is expected to reissue it as soon as the bugs have been resolved.

What is Apple’s Rapid Security Response?

Apple has patched ten zero-day vulnerabilities so far in 2023, including three bugs earlier this month which were exploited to deploy Triangulation spyware on iPhones, and two bugs in April which involved high-risk targets.

However, Apple’s Rapid Security Response is a new type of patch that has only been deployed two times in total.

According to Apple’s own statement, its new RSR response delivers “important security improvements between software updates” and may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist in the wild.”

Apple Rapid Security Responses alert on MacIn contrast to general security patches, RSR appears to be deployed in high-stakes, urgent situations, when targets are already being exploited. They also require users to make updates themselves, instead of making changes to the software automatically.

How To Get the Security Update When Reissued

Fortunately, installing Apple’s RSR security update is straightforward. If you have an iPhone or iPad, all you need to do is follow the steps below:

  1. Open your “General Settings”
  2. Go to “Software Update”
  3. Depending on your device, click “Download and Install” when you see “iOS Security Response Update 16.5.1 (a)” or “iPadOS Security Response Update 16.5.1 (a)

Mac user? Follow these steps instead:

  1. Open up “System Settings” on Apple’s menu, and select “General”
  2. Go to “Software Update” and select  “macOS Security Response Update 13.4.1 (a)” as available

After you click download, the hardware will then reboot to complete the installation.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Isobel O'Sullivan (BSc) is a senior writer at Tech.co with over four years of experience covering business and technology news. Since studying Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also worked as a freelance tech researcher. Isobel’s always up to date with the topics in employment and data security and has a specialist focus on POS and VoIP systems.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals