Alarm going off on red background.

New Apple Rapid Security Response is Pulled

ByAddigy

Overview

On Monday, Jul 10, 2023, Apple released a new set of Rapid Security Release fixes, for only the second time since the RSR program began. These fixes were solely for macOS Ventura 13 and iOS 16. You can find the exact details within the links below:

Note: If you are deferring updates, that could prevent your devices from seeing these RSR Updates.

We published a detailed blog post about the introduction of these rapid security releases earlier, which you can find here. Also, we have a document that explains how you can manage these Updates here, if interested.

What Happened Next

The iOS 16.5.1, iPadOS 16.5.1, and ‌macOS Ventura‌ 13.4.1 Rapid Security Response updates fixed a WebKit vulnerability that Apple says may have been actively exploited. Unfortunately, it appears that the updates changed the Safari user agent to include an “(a),” leading some websites to break. 

The issue is that the UserAgent string added “(a),” causing a large number of websites to report an unrecognized browser and display a mobile version, or nothing at all.

What do I do now?

Apple updated the release note (https://support.apple.com/en-us/HT213825) to indicate that they are aware of this issue and pulled the release. On July 10th, Apple released 13.4.1(c), effectively fixing the previous RSR.

You can revert the RSR build if necessary, but you may want to keep the devices on the most secure patch, at the expense they cannot access certain applications.

Release Notes:

This is the first time an Apple Rapid Security Response includes release notes, however, it’s not yet confirmed if all future RSR updates will include release notes.

These vulnerabilities involve arbitrary code execution with WebKit when processing web content. It’s recommended that you update as soon as possible to avoid these actively exploited vulnerabilities. The update will require devices to restart.

Similar Posts

How to Manage FileVault Recovery Keys
|

How to Manage FileVault Recovery Keys

When managing the devices on your network, protecting organizational data is one of the most important steps to mitigate cyber risks. Fortunately, macOS devices have built-in features to make this process easier.