Security News > 2023 > July > Apple silently pulls its latest zero-day update – what now?

Apple's offical upgrade pathway at least for its mobile devices, has always been to supply full, system-level patches that can never be rolled back, because Apple doesn't like the idea of users deliberately downgrading their own systems in order to exploit old bugs for the purpose of jailbreaking their own devices or installing alternative operating systems.

As a result, even when Apple produced emergency one-bug or two-bug fixes for zero-day holes that were already being actively exploited, the company needed to come up with what was essentially a one-way upgrade, even though all you really needed was a minmalistic update to one component of the system to patch a clear and present danger.

Commenters on Naked Security started reporting that the update was no longer showing up when they used Settings > General > Software Update to try to update their devices.

We suggest, if you already have the update, that you don't remove it unless it genuinely interferes with your ability to use your phone with the websites or apps you need for work, or unless your own IT department explicitly tells you to roll back to the "Non-(a)" flavour of macOS, iOS or iPadOS. After all, this update was deemed suitable for a rapid response because the exploit it fixes is an in-the-wild, browser-based remote code execution hole.

Commenters have suggested that the patch simply doesn't get reported when they try from an unpatched device, but we haven't tried re-patching a previously-patched device to see if that gives you a magic ticket to fetch the update again.

If you've already downloaded macOS 13.4.1 or iOS/iPadOS 16.5.1, keep the update unless you absolutely have to get rid of it, given that it's securing you against a zero-day hole.

News URL

https://nakedsecurity.sophos.com/2023/07/11/apple-silently-pulls-its-latest-zero-day-update-what-now/