Apple Pulls iOS 16.5.1 and macOS 13.4.1 Rapid Security Response Updates Due to Safari Bug

[MacRumors]

Apple earlier today released new Rapid Security Response updates for iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1 users, but Apple has pulled the software, likely due to an issue that caused certain websites not to work after the RSRs were installed.

According to reports on the MacRumors forums, Facebook, Instagram, WhatsApp, Zoom, and other websites started giving a warning about not being supported on the Safari browser following the Rapid Security Response updates.

The iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1 Rapid Security Response updates fixed a WebKit vulnerability that Apple says may have been actively exploited. Unfortunately, it appears that the updates changed the Safari user agent to include an (a), leading some websites to break.

Apple will likely re-release the RSRs when the issue has been addressed.

https://twitter.com/x/status/1678603028113289217

Those who have already installed the update can downgrade on iOS by going to Settings > General > About and tapping on iOS Version. From there tap on Remove Security Update. On the Mac, updates can be removed by following our how to.

Article Link: Apple Pulls iOS 16.5.1 and macOS 13.4.1 Rapid Security Response Updates Due to Safari Bug

 

[ChedNasad]

And here I thought Zuck was just fed up with Apple's anti tracking policies...

 

[sguser]

The issue affects macOS as well. Is there a way to install a rapid security update on macOS? - nevermind, I've found the how this is done on macOS.

 

[tywebb13]

If they pulled the rsr updates for Ventura then why do the rsr zips still work for Ventura 13.4.1 (a) 22F770820b:

intel: https://updates.cdn-apple.com/2023S.../d89d81737950136e2d6106ecbfbff16aa024e8e6.zip

M1/M2: https://updates.cdn-apple.com/2023S.../fda10f2f66899a3530fd1cc7e99d0267eabef6c2.zip

I would have thought if they pulled it the links would go dead.

 

[airwalk331]

Final_update_16.5.1.ax_finalv2_final_fix.dmg

 

[nicolas17]

If they pulled the rsr updates for Ventura then why do the rsr zips still work for Ventura 13.4.1 (a) 22F770820b:

intel: https://updates.cdn-apple.com/2023S.../d89d81737950136e2d6106ecbfbff16aa024e8e6.zip

M1/M2: https://updates.cdn-apple.com/2023S.../fda10f2f66899a3530fd1cc7e99d0267eabef6c2.zip

I would have thought if they pulled it the links would go dead.

That's almost never how it works. "Are there updates available" used to return the zip URL, and now returns "no there's nothing", but the zip itself is not deleted from the storage server. Same reason why most old iOS versions are still available on the server, even if nothing will use them automatically for updates, or it's not even possible to install them.

 

[Mr. Dee]

Let me quote myself:

Keep guinea pigging it for me. Didn't one of these rapid security updates cause issues a few months ago?

Post in thread 'Apple Releases Rapid Security Response Updates for iOS 16.5.1 and macOS 13.4.1 to Fix Actively Exploited Vulnerability [Updated]'
https://forums.macrumors.com/thread...d-vulnerability-updated.2395527/post-32309097

 

[AppleTO]

Lol, time to update the user agent parsing functions.

 

[dumastudetto]

I won’t be uninstalling a fix for an actively exploited security bug to workaround sloppy Meta website code.

 

[Junipr]

Safari, this is not the type of snappiness we need from you..

 

[tywebb13]

I think if apple pulled it it would be a bigger issue than just Meta. Things like Zoom and WhatsApp for example.

 

[nicolas17]

I think if apple pulled it it would be a bigger issue than just Meta. Things like Zoom and WhatsApp for example.

Zoom is in fact affected by the same issue (which, again, is Zoom's fault).

 

[doboy]

Wow, they can't even get the RSR update to go smoothly. It's not so rapid if you have to install, uninstall, and wait and install the corrected update. I knew something was wrong when it took only 30-45s on my M1 iPad Pro to update

 

[ZZ9pluralZalpha]

Zoom is in fact affected by the same issue (which, again, is Zoom's fault).

Not comforting that so many apps have user agent parsers which will fall flat on their faces when presented with an '(a)'...

 

[tywebb13]

wait and install the corrected update.

.... or wait and not install the corrected update

 

[haruhiko]

Zoom website is fine for me, what exactly is the problem?

 

[TheYayAreaLiving 🎗️]

Too bad I already downloaded it. Dang it! Suprisely the update was downloaded too fast. A little sus! 💨

 

[ChrisN718]

All my apps from Meta are working fine for me on my iPhone. Is this just affecting accessing those using safari?

 

[_Spinn_]

I haven’t noticed any issues. Even if I did I wouldn’t uninstall it just because websites can’t parse a user agent string correctly. That’s on them not Apple.

 

[cbsnbiker]

So, if I don't use Facebook, Instagram, WhatsApp, or Zoom (at least recently for Zoom), should I worry?

 

[nicolas17]

So, if I don't use Facebook, Instagram, WhatsApp, or Zoom (at least recently for Zoom), should I worry?

You should definitely keep the update installed, for security reasons.

 

[contacos]

First rapid update if I am not mistaken and already an issue. That’s how you built trust for these 😅🙈

 

[fivenotrump]

First rapid update if I am not mistaken and already an issue. That’s how you built trust for these 😅🙈

you are: we had 13.3.1 (a)

 

[Nermal]

That's almost never how it works. "Are there updates available" used to return the zip URL, and now returns "no there's nothing", but the zip itself is not deleted from the storage server.

Further to that, for all we know Apple might release the exact same update again once Facebook and Zoom have fixed their sites. If that's the case then there's no real reason to delete them.

Edit: It seems that this is not the case: Apple has announced that a "(b)" update is coming.

 

[OhMyMy]

Wow, they can't even get the RSR update to go smoothly. It's not so rapid if you have to install, uninstall, and wait and install the corrected update. I knew something was wrong when it took only 30-45s on my M1 iPad Pro to update

That’s the whole point of separating the security fixes from the OS. Quick design and delivery of security patches.
From your response it’s obvious that you’re just a typical user unaware of how software design works. So I suggest you educate yourself with the fundamentals before making statements like these.
These OS’ have grown quite a bit in complexity in recent years and mistakes do happen as a result. And rewriting the whole thing would take considerable resources and isn’t a viable option even for a company as big as Apple.