Apple’s recent patch rollout to address a zero-day security vulnerability has hit a roadblock, as users are reporting that certain websites are breaking in Safari after installing the updates. The vulnerability, known as CVE-2023-37450, resides in Apple’s WebKit browser engine and allows arbitrary code execution. It can be exploited through drive-by attacks by tricking users into visiting malicious websites.
Apple issued Rapid Security Response (RSR) advisories on Monday, urging users to update their devices and browsers. The updates included iOS and iPadOS 16.5.1, macOS 13.4.1, and Safari 16.5.2. Security experts stressed the importance of patching quickly, as these exploits are typically executed silently, making it difficult for victims to know if they have been targeted.
However, in an unexpected turn of events, users began experiencing issues with Safari after installing the patches. Numerous reports surfaced on the official macOS Support Community and the MacRumors user forum, stating that applications like Facebook, Instagram, WhatsApp, and Zoom were displaying “Unsupported Browser” errors in Safari. Users identified the extra “(a)” in the version number as the cause of the problem, as it interfered with the platforms’ user-agent detection.
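The failure mode described above, shown as an added example that is not code from Apple or from any of the affected sites: a version gate that expects the Safari token to follow the version number directly rejects a patched browser, while a parser that tolerates an optional suffix accepts it. The user-agent strings are constructed samples, the position of the “(a)” after the version token is an assumption, and the minimum-version policy and function names are hypothetical.

```javascript
// Constructed sample user-agent strings (not captured from real devices).
// Assumption: the "(a)" suffix sits directly after the Version/ token.
const UA_BASE = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
  "AppleWebKit/605.1.15 (KHTML, like Gecko) ";
const UA_PLAIN = UA_BASE + "Version/16.5.2 Safari/605.1.15";
const UA_SUFFIXED = UA_BASE + "Version/16.5.2 (a) Safari/605.1.15";

const MIN_SUPPORTED = [15, 0, 0]; // hypothetical site policy

// Brittle: requires "Version/x.y.z" to be followed immediately by " Safari/".
function brittleSafariVersion(ua) {
  const m = /Version\/(\d+(?:\.\d+)*) Safari\//.exec(ua);
  return m ? { version: m[1].split(".").map(Number), tag: null } : null;
}

// Tolerant: reads the numeric version and treats a single parenthesised
// letter after it as an optional tag instead of a parse failure.
function tolerantSafariVersion(ua) {
  const m = /Version\/(\d+(?:\.\d+)*)(?:\s*\(([a-z])\))?/i.exec(ua);
  if (!m || !/\bSafari\//.test(ua)) return null;
  return { version: m[1].split(".").map(Number), tag: m[2] || null };
}

// Component-wise comparison; missing components count as 0.
function atLeast(version, min) {
  for (let i = 0; i < min.length; i++) {
    const part = version[i] || 0;
    if (part !== min[i]) return part > min[i];
  }
  return true;
}

// A parse failure is reported as "unsupported", which is how a patched
// browser ends up on an "Unsupported Browser" page.
function isSupported(ua, parse) {
  const parsed = parse(ua);
  return parsed !== null && atLeast(parsed.version, MIN_SUPPORTED);
}

console.log("plain, brittle:    ", isSupported(UA_PLAIN, brittleSafariVersion));
console.log("suffixed, brittle: ", isSupported(UA_SUFFIXED, brittleSafariVersion));
console.log("suffixed, tolerant:", isSupported(UA_SUFFIXED, tolerantSafariVersion));
```

A gate that fails closed on an unparseable version penalizes exactly the users who installed the security fix, so version checks should be tested against suffixed version strings before they ship.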
Following the complaints, MacRumors reported that Apple had withdrawn the updates. Some users even noticed that the latest patches were no longer available for installation. However, Apple has not commented on these reports and did not provide immediate clarification on the status of the patch process. The patches are still listed on the company’s security advisory and RSR page.
Security experts remarked that the rapid nature of these patches could have contributed to the unexpected website malfunction. Apple’s RSR emergency update protocol, introduced earlier this year, aims to deliver single-issue fixes promptly, rather than bundling them in periodic updates. However, this marks the second time the RSR has faced issues, as the first RSR update did not install properly on iPhones. It seems that Apple is still refining the process to ensure seamless patch deployment.
While users grapple with the Safari issues, the risk of ongoing exploitation of the zero-day vulnerability remains. iPhone users are urged to reboot their devices daily as a precautionary measure since most threats struggle to maintain persistence on iOS. Additionally, Apple’s Lockdown Mode, available on all platforms, can help mitigate some of these exploits by blocking web-based scripts and risky message attachment types.
In conclusion, Apple’s urgent patch to address the zero-day vulnerability has inadvertently caused website malfunctions in Safari. The company has faced criticism for its rapid patch deployment strategy, as these updates have experienced glitches in the past. However, users are reminded of the importance of promptly installing security updates to safeguard their devices against potential exploits. Apple’s ongoing efforts to refine its patching process will likely result in more seamless updates in the future.

