Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)
Apple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.
The vulnerability has also been fixed with a regular security update in Safari, so users running macOS Big Sur and macOS Monterey can also implement the fix.
In May 2023, Apple started delivering Rapid Security Response updates to owners of Apple smartphones, tablets and computers running the latest versions of iOS, iPadOS, and macOS. "They deliver important security improvements between software updates - for example, improvements to the Safari web browser, the WebKit framework stack or other critical system libraries. They may also be used to mitigate some security issues more quickly, such as issues that may have been exploited or reported to exist," Apple has explained.
If you haven't opted for their automatic installation, you should trigger the update process as soon as possible, since CVE-2023-37450 is probably being exploited to deliver malware.
"Speed matters in business, especially when it comes to securing its digital assets. With its Rapid Security Response updates, Apple has set the industry benchmark for not only addressing security vulnerabilities swiftly, but also rolling out these updates across millions of devices. Further, enabling automatic updates ensures that, for most customers, these security updates are applied without any action from the end user," says Debrup Ghosh, Senior Product Manager at Synopsys Software Integrity Group.
"Although development and security teams, whether at Apple or an emerging software startup, strive to eliminate as many vulnerabilities as possible, they can often still be found in software released to production. However, what really matters is how quickly an organization can move to fix and remediate these vulnerabilities to prevent or mitigate active exploits, and Apple's Rapid Security Updates seem to be an effective and efficient method towards achieving that goal."
News URL
https://www.helpnetsecurity.com/2023/07/11/cve-2023-37450/
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
- Apple Patches Two Zero-Day Attack Vectors
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-27 | CVE-2023-37450 | The issue was addressed with improved checks. | 8.8 |