Apple has released a new Rapid Security Response (RSR) update addressing a zero-day vulnerability allegedly affecting fully-patched Apple devices such as iPhones, Macs, and iPads.
“Apple is aware of a report that this issue may have been actively exploited,” Apple wrote in its security advisory.
The flaw being addressed is tracked as CVE-2023-37450, and is described as an arbitrary code execution bug in the WebKit browser engine. It allows threat actors to run arbitrary code on target endpoints, by tricking victims into opening malicious websites.