Wednesday, November 27

Apple issued new emergency updates to address a “zero-day” exploit that was being used to launch attacks on iPhones, iPads, and Mac computers, but it said a day later that the updates are causing some websites to not display properly and suggested users remove it.

According to Apple support documentation posted on Tuesday, the company is planning to release new updates to address this issue in the near future. Apple did not provide an explanation as to why the affected websites were prevented from loading correctly.

“Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly,” it said.

On Mac computers or laptops, users can choose the Apple menu, click About this Mac, click More Information, and then under MacOS, click the Info (i) button next to the MacOS version number. Click “Remove and Restart” before clicking again to confirm.

The Cupertino, California-based tech giant added that a new version of the updates will soon be available. It did not say when.

“Processing web content may lead to arbitrary code execution,” said Apple’s update, adding that an anonymous researcher found the bug. “Apple is aware of a report that this issue may have been actively exploited.”

Apple also noted that “for the protection of our customers, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available.”

The fix was released Monday as part of Apple’s Rapid Security Response initiative that it releases for iPhones, iPads, and Macs that intends to deliver emergency bugfixes more frequently.

“Rapid Security Responses are a new type of software release for iPhone, iPad, and Mac,” according to Apple. “They deliver important security improvements between software updates—for example, improvements to the Safari web browser, the WebKit framework stack, or other critical system libraries. They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist ‘in the wild.’”

Apple has fixed a handful of “zero-day” flaws in the past several months, including one in April when the firm issued a warning about two errors that were being exploited on iOS, iPadOS, and MacOS. Around the same time, Amnesty International, the human rights group, said that spyware campaigns were using iOS and Android zero-day exploits to target victims around the world.

In May, the federal Cybersecurity & Infrastructure Security Agency (CISA) ordered other government agencies to address several patched flaws that impacted iPhones, iPads, and Macs that were known to be exploited in recent attacks.

Days later, Russian officials alleged Apple deliberately provided the U.S. National Security Agency with a backdoor that the spy agency can use to infect iPhones in the country with malware. The Federal Security Service, or FSB, claimed “anomalies were identified that are specific only to users of Apple mobile phones” that were allegedly caused by “previously unknown malicious software” provided by Apple.

Apple, it alleged, “provides the American intelligence services with a wide range of opportunities to control … partners in anti-Russian activities, and their own citizens.”

Exit mobile version