
Apple silently pulls its latest zero-day update – what now? – Naked Security

Betteridge’s Law of Headlines states that any headline posed as a question can be answered with a simple “No.” While this may be a humorous observation, it is not an actual law or rule. In this case, the question of whether anyone knows when Apple will release a new update remains unanswered. Apple has not made any official statements regarding this matter. The suggestion, however, is to wait and see.
Recently, Apple released its second-ever Rapid Security Response (RSR) to deliver emergency fixes promptly, similar to how open-source projects handle zero-day patches. Unlike patches in open-source projects, Apple’s system-level patches cannot be rolled back, because Apple opposes users exploiting old bugs for jailbreaking or installing alternative operating systems. The RSR process allows for rapid patches that can be installed quickly without causing significant downtime. Bugs patched temporarily via an RSR will be permanently patched in the next full version upgrade. RSR updates are labeled with a sequence letter appended to the version number.
Shortly after advising users to update to iOS and iPadOS 16.5.1 (a) to fix a zero-day exploit in Apple’s WebKit code, reports emerged that the update was no longer available. Apple’s security portal still lists the updates, but there are indications that they have been withdrawn temporarily. One possible reason for this is that Apple’s Safari browser now includes an appendage in its User-Agent string, causing confusion for some websites.
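The labelling scheme and the parsing trouble described above, as an added example (not from the original article and not Apple's code): a version-label parser for a patch-compliance check that accepts the RSR sequence letter, next to a strict pattern that rejects it. It assumes a later letter supersedes an earlier one and that any higher base version carries the RSR fix; the function names, device names and inventory are constructed.

```python
import re

# Tolerant pattern: dotted version, then an optional RSR sequence letter in
# parentheses, e.g. "16.5.1 (a)". The space before the parenthesis is optional.
_LABEL = re.compile(r"^\s*(\d+(?:\.\d+){0,2})\s*(?:\(([a-z])\))?\s*$")
# Strict pattern of the kind that stops matching once a suffix is appended.
_STRICT = re.compile(r"^\d+(?:\.\d+){0,2}$")


def parse_label(label):
    """Return (major, minor, patch, rsr); rsr is 0 for no RSR, 1 for (a), 2 for (b)."""
    m = _LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised version label: {label!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "16.6" becomes 16.6.0
    rsr = ord(m.group(2)) - ord("a") + 1 if m.group(2) else 0
    return (*parts, rsr)


def strict_accepts(label):
    """Show how a digits-and-dots-only check treats the same label."""
    return _STRICT.match(label) is not None


def is_compliant(installed, baseline):
    """True when the installed label is at or beyond the required baseline."""
    return parse_label(installed) >= parse_label(baseline)


def audit(fleet, baseline):
    """Map each device to 'ok', 'needs-update' or 'unparsed' (never silently ok)."""
    result = {}
    for device, label in fleet.items():
        try:
            result[device] = "ok" if is_compliant(label, baseline) else "needs-update"
        except ValueError:
            result[device] = "unparsed"
    return result


# Constructed sample inventory: device name -> reported OS version label.
FLEET = {
    "phone-01": "16.5.1",
    "phone-02": "16.5.1 (a)",
    "tablet-03": "16.6",
    "phone-04": "16.5.1(b)",
    "phone-05": "sixteen",
}

if __name__ == "__main__":
    for device, status in audit(FLEET, "16.5.1 (a)").items():
        print(f"{device}: {FLEET[device]!r} -> {status}")
```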
Only Apple knows the true reason behind the withdrawal of the updates, and the company has not made an official statement. Users are advised to keep the update unless it interferes with their ability to use necessary websites or apps, or if their IT department instructs them to roll back. If removal is necessary, instructions are provided for both iPhone/iPad and Mac users. Note that reinstalling the update may not be possible, so it is crucial to consider the implications before removing it.
In summary, users who have already downloaded the update are advised to keep it unless removing it is necessary. If the update must be removed, caution should be exercised, as it may not be possible to reinstall it. Those who have not yet installed the update are advised to stay informed, as a new patch may be released soon.

The key points of this article are:

- Betteridge’s Law of Headlines suggests that headlines posed as questions can be answered with “No.”
- Apple released a Rapid Security Response (RSR) update but subsequently withdrew it.
- The reason for the withdrawal is unknown, but a possible cause is the User-Agent string in Safari.
- Users should keep or remove the update based on their specific circumstances.
- It is essential to consider the implications of removing the update, as reinstalling may not be possible.
- Watch for future updates from Apple.
