{"id":22426,"date":"2023-07-11T08:30:17","date_gmt":"2023-07-11T16:30:17","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/07\/11\/news-16156\/"},"modified":"2023-07-11T08:30:17","modified_gmt":"2023-07-11T16:30:17","slug":"news-16156","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/07\/11\/news-16156\/","title":{"rendered":"Apple's disappearing Rapid Security Response update"},"content":{"rendered":"

<\/p>\n

Apple on Monday distributed its latest Rapid Security Response update<\/a>\u00a0to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.<\/p>\n

\u201cApple is aware of a report that this issue may have been actively exploited,\u201d the company said in its security note.<\/p>\n

That\u2019s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution<\/a>.<\/p>\n

Apple explained that the issue was addressed with more stringent checks. The problem: those checks might have been too<\/em> rigorous, causing some legitimate sites (Facebook, Instagram, Zoom) and other services to fail. That forced Apple to pull the security update after a few hours of release.<\/p>\n

Announced at WWDC 2022<\/a> and active as of the beginning of 2023, Rapid Security Response updates<\/a> are small, quick-to-install security patches that can be distributed and downloaded automatically across Apple\u2019s platforms.<\/p>\n

The idea is that these small installs let the company maintain a high degree of security across all its platforms, as users get to install these intermediary patches as well as standard software updates. This accelerates patching.<\/p>\n

Debrup Ghosh, senior product manager at Synopsys Software Integrity Group<\/a>, said in a statement:<\/p>\n

\u201cWith its Rapid Security Response updates, Apple has set the industry benchmark for not only addressing security vulnerabilities swiftly, but also rolling out these updates across millions of devices. Further, enabling automatic updates ensures that, for most customers, these security updates are applied without the any action from the end user.\u201d<\/p>\n

However, in this case, it is possible some devices might have been automatically updated to the flawed software.<\/p>\n

If you have enabled your device to install security responses automatically, you might want to check whether you have already installed the problematic one.<\/p>\n

Apple has an explanation of how do this<\/a>, but in essence it tells you to open Settings on your device, tap General, About, and then tap on the version of your operating system. If you see a “Remove Security Response” button, the update is installed but can be removed to get WebKit working properly again. Apple should already have notified you the update is installed.<\/p>\n

That said, in some cases the benefits of protecting Apple devices against this kind of zero-day attack could outweigh the inability to use apps like Facebook or Zoom.<\/p>\n

High-value targets, human rights workers, politicians, journalists or other frequently targeted individuals might prefer to leave the patch installed until Apple releases a follow up patch without these problems. Apple will no doubt release a patch that works quite soon.<\/p>\n

Apple hasn\u2019t commented on the Rapid Response removal, but it is likely to swiftly redistribute a revised version of the software.<\/p>\n

While we wait, Jamie Brummell,\u00a0Socura<\/a> co-founder and CTO, has a little security advice.<\/p>\n

\u201cOne of the only effective things iPhone users can do to defend against these zero-days attacks is to reboot daily. Gaining persistence on iPhone is extremely hard, so restarting usually kills the threat actor\u2019s code, at least until the device gets exploited again. Alternatively, iOS Lockdown mode can stop some of these exploits from working by blocking web-based scripts, risky message attachment types and more.\u201d<\/p>\n

While the appearance and disappearance of this update is unfortunate, the strength of Apple\u2019s approach is that you can uninstall a problem patch with one tap on the Remove Security Response button.<\/p>\n

It means Apple already has a system in place to help handle troublesome updates, even while it strives to ensure its platforms are protected against new threats as swiftly as possible. It\u2019s important that it does so; after all, so far this year,\u00a022% of all documented zero-day attacks<\/a> have affected Apple devices.<\/p>\n

While it is up to each user to strike a balance between security and reliability, the current security environment is complex at best, and it seems much better that the company is at least working to respond to emerging threats. Ultimately, this particular incident shows the strength of the company\u2019s unique platform protection system, though the fact the initial release was itself flawed demonstrates the complexity of fast response on any platform.<\/p>\n

In other words, life with Rapid Response might at times be a little more complicated, but the security benefits it usually provides far outweigh the risks.<\/p>\n

Please follow me on\u00a0Mastodon<\/a>, or join me in the\u00a0AppleHolic\u2019s bar & grill<\/a>\u00a0and\u00a0<\/em>Apple<\/em>\u00a0Discussions<\/em><\/a>\u00a0groups on MeWe.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

\n
\n

Apple on Monday distributed its latest Rapid Security Response update<\/a>\u00a0to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.<\/p>\n

\u201cApple is aware of a report that this issue may have been actively exploited,\u201d the company said in its security note.<\/p>\n

That\u2019s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution<\/a>.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,10480,10403,11271,714],"class_list":["post-22426","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-ios","tag-macos","tag-operating-systems","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22426","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=22426"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22426\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=22426"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=22426"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=22426"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}