Apple has issued three sets of emergency patches, for Safari, iOS, iPadOS, and macOS. Users are encouraged to install these patches immediately.
Note: as of July 11, 2023, these updates are not currently being distributed.
This may be a temporary thing. Or not.
Excerpts from Apple’s Security Announce mailing list:
Safari updates
Safari is updated for macOS Big Sur and macOS Monterey. Safari is also updated on macOS Ventura, iPadOS, and iOS, but it is bundled in with operating system updates.
APPLE-SA-2023-07-10-1 Safari 16.5.2
Safari 16.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213826.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively
exploited.
Description: The issue was addressed with improved checks.
CVE-2023-37450: an anonymous researcher
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.iOS and iPadOS updates
These updates include the new version of Safari. The parenthetical (a) in the version indicates it is a focused security update, and includes no other changes.
APPLE-SA-2023-07-10-2 Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1
Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213823.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
This document describes the content of Rapid Security Responses.
About Rapid Security Responses
Rapid Security Responses deliver important security improvements between
software updates and are available only for the latest versions of iOS,
iPadOS, and macOS. Learn more about Rapid Security Responses.
Recent releases are listed on the Apple security releases page.
iOS 16.5.1 (a) and iPadOS 16.5.1 (a)
WebKit
Available for: iOS 16.5.1 and iPadOS 16.5.1
Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively
exploited.
Description: The issue was addressed with improved checks.
CVE-2023-37450: an anonymous researcher
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
macOS Ventura 13.4.1 (a)
The parenthetical (a) indicates this is a targeted security update to Ventura 13.4.1, and includes nothing beyond the security updates. It includes the new version of Safari.
APPLE-SA-2023-07-10-3 Rapid Security Responses for macOS Ventura 13.4.1
Rapid Security Responses for macOS Ventura 13.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213825.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
This document describes the content of Rapid Security Responses.
About Rapid Security Responses
Rapid Security Responses deliver important security improvements between
software updates and are available only for the latest versions of iOS,
iPadOS, and macOS. Learn more about Rapid Security Responses.
Recent releases are listed on the Apple security releases page.
macOS Ventura 13.4.1 (a)
WebKit
Available for: macOS Ventura 13.4.1
Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively
exploited.
Description: The issue was addressed with improved checks.
CVE-2023-37450: an anonymous researcher
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
You are strongly encouraged to have your Mac, iPhone, and iPad install all updates automatically. If you notice these devices haven’t installed the update in a day or two, automatically, go into your settings and request an immediate update.
You can get on Apple’s Security Announce mailing list by going to this website and entering your email address. The mailing list is free, and recommended. https://lists.apple.com/mailman/options/security-announce/