On May 2, Apple released the first Rapid Security Response update for iOS 16.4, iPadOS 16.4, and macOS 13.3. Apparently, Apple was in such a rush to release the update (hence the “Rapid”) that they didn’t want to wait for iOS 16.5 and macOS 13.4, which came out just two weeks later. It wasn’t revealed at the time what was fixed, but now we know.

However, the security notes for Thursday’s iOS 16.5, iPadOS 16.5, and macOS Ventura 13.4 updates provide details about the fixes in the Rapid Security Response update. You can read the full security notes online, but we’ve pulled the fixes specific to the Rapid Security Response update below. All three devices received the same fixes, and they are now also available for macOS Monterey and Big Sur, as well as iOS 15.

webkit

  • Influence: The processing of web content may result in the disclosure of confidential information. Apple is aware of a report of possible active exploitation of this issue.
  • Description: Reading out of range was addressed with improved input validation.
  • Bugzilla webkit: 254930
  • CVE-2023-28204: anonymous researcher

webkit

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Influence: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  • Description: A use after free issue was addressed with improved memory management.
  • Bugzilla webkit: 254840
  • CVE-2023-32373: anonymous researcher

What is Security Rapid Response?

Apple introduced Rapid Security Responses at WWDC last year, but the first use of the feature didn’t happen until earlier this month. This feature is used when Apple needs to release urgent security updates for iPhone, iPad, and Mac, and it won’t include items that are in typical OS updates, such as new features or bug fixes.

For Rapid Security Responses to work, your device must be running the latest OS version. Automatic installation is enabled by default, and Rapid Security Response updates are marked with a letter at the end of the version number. For example, the first iOS update is iOS 16.4.1(a).

To enable/disable quick security responses:

  • iPhone/iPad: Go to Settings > General > Software update > Automatic updates. Toggle the “Security responses and system files” radio button.
  • In system settings, click General in the sidebar. In the main window, click Software update. Click the “i” icon next to “Automatic Updates”, then toggle the “Install Security Responses and System Files” radio button.