Apple has released a crucial security update overnight, after the firm was warned that a flaw putting users’ data at risk may have been “actively exploited”.
The vulnerability, which emerged in iOS 16.5.1, iPadOS 16.5.1 and macOS Ventura 13.4.1, spurred a Rapid Security Response (RSR) – only the second time Apple has resorted to an RSR patch in its history.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in advisories when describing the vulnerability, which was first reported by an anonymous security researcher.
The new security update fixes a bug that Apple lists as CVE-2023-37450, which experts believe could be abused to trigger “arbitrary code execution” while users browse the web.
Arbitrary code execution allows cyber criminals to run commands or code on a target machine, giving them control over the victim’s device.
Apple released the security update to fix the issue overnight and is urging all users to download it immediately.
Jamie Brummell, security researcher and co-founder of security firm Socura, believes that the vulnerability is being exploited in the wild and most victims will never know they were targeted.
He said: “We know this is a serious vulnerability because Apple is using its new ‘Rapid Security Response’ targeted patching method to get the fix out there quickly.
“The fact that there are reports it is being exploited in the wild has added to the urgency. This is only the second time that Apple has resorted to an RSR patch.”
“There’s no indication yet if Apple users can check whether they’ve been targeted, or how they would check. However, these exploits are usually executed silently.
“They are effectively invisible, and the chances are that victims would never know they were targeted. Detailed forensic analysis would be needed to determine whether a device had been targeted after the fact.”
It comes shortly after Apple released another update for iOS and iPadOS 16, following the discovery of a spyware threat that could expose personal photos and videos to criminals.
How to download the update
Users can update their software by opening the Settings app, selecting ‘General’ -> ‘Software Update’, and then following the instructions given.
The National Cyber Security Centre (NCSC) advises that if you receive a prompt to update your device, do not ignore it.
Applying these updates is one of the most important things you can do to keep yourself safe online.
You can also turn on “automatic updates” in your device’s settings, if available, to avoid having to remember to apply updates.
More security information is available on the NCSC website.