Jump to content
  • Apple releases, quickly pulls Rapid Security Response update for 0-day WebKit bug


    Karlston

    • 540 views
    • 3 minutes
     Share


    • 540 views
    • 3 minutes

    Update for iOS 16, macOS Ventura can be uninstalled if you're having problems.

    Yesterday, Apple published a new Rapid Security Response update for iOS 16, iPadOS 16, and macOS Ventura to patch yet another actively exploited WebKit code execution bug. But shortly after installation, users began having issues accessing certain websites, and Apple has apparently pulled the update to fix the problem.

     

    According to MacRumors, affected sites include Facebook, Instagram, WhatsApp, and Zoom, which began showing warning messages about not being supported following the update.

     

    Luckily for anyone who has installed it, Rapid Security Response updates can be removed just as quickly as they were installed; on iOS, navigate to the About page in the Settings app, tap on your iOS version, and then tap “Remove Security Response.”

     

    IMG_7831.jpeg
    Removing a Rapid Security Response update on an iPhone running iOS 16.5.1.
    Andrew Cunningham

    The benefit of Rapid Security Response updates is that they’re small in size and quick to install. The updates Apple has released so far have required a restart on my devices, but total downtime was much less than it was for a typical software update. This is because Apple has stored many Safari and WebKit components outside of the main Signed System Volume (SSV), a tamper-proof read-only volume for most system files that must be mounted separately, patched, and re-sealed every time most system updates are installed.

     

    The downside of Rapid Security Response updates is that they may not be tested as thoroughly as some system updates; Apple is currently on its fifth developer betas of iOS 16.6 and macOS 13.5, and both updates have been in testing since mid-May. Though you’ll typically want to install them quickly because the bugs they’re patching tend to be severe, you may occasionally run into problems.

     

    IMG_7832.jpeg
    After a restart, the OS will let you know that the update has been removed.
    Andrew Cunningham

    WebKit vulnerabilities in iOS tend to be especially severe since any app that wants to render web content needs to use a webview powered by the built-in WebKit engine used by Safari. This includes third-party browsers like Google Chrome, Mozilla Firefox, and Microsoft Edge, which can’t use their own native rendering engines on iOS or iPadOS the way they can on macOS, Windows, or other platforms. Apple has long maintained that this restriction improves security on the platform.

     

    Apple announced the Rapid Security Response feature as part of iOS 16 and macOS Ventura last June but didn't actually start using the feature publicly until a couple of months ago. When contacted for comment, an Apple spokesperson pointed us to this support document, which says that new iOS/iPadOS 16.5.1 (b) and macOS 13.4.1 (b) Rapid Security Response updates will be available to resolve the issues soon.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...