Skip to main content

iOS 16.5.1 security fix temporarily pulled after it broke websites

Avatar for Ben Lovejoy  | Jul 11 2023 - 3:56 am PT
17 Comments
iOS 17 iPhone security and privacy features

Apple yesterday released an iOS 16.5.1 update to fix a security vulnerability which is being actively exploited by attackers – but then withdrew it again.

The problem, it appears, is that a tiny change in Safari caused a number of websites to break …

Update issued using Rapid Security Response

Apple first introduced the Rapid Security Response (RSR) system late last year. It’s designed to enable Apple to automatically push urgent security fixes to devices, without users needing to do a full iOS update. The idea is that devices are protected as quickly as possible, without the need to wait until users get around to carrying out an update.

We noted at the time that this was a game-changer for securing Apple devices.

In the past, security updates have often been bundled with new feature updates, meaning that users who wanted to stay secure had to update to the latest version of the operating system, even if they didn’t want or need the new features.

Many people have been hesitant to update their devices for this reason, as they don’t want to change the way their devices work […] By separating security from new features, Apple is making it easier for users to stay secure.

iOS 16.5.1 security fix issued then pulled

An anonymous researcher discovered a major vulnerability in WebKit, which Apple confirmed was being actively exploited. This is obviously the most serious category of security failing, requiring an immediate fix – hence the use of RSR.

However, developer Aaron spotted that the update was pulled shortly after it was pushed.

Apple has pulled the Rapid Security Responses released earlier today.

He noted reports that it was breaking some websites, including Facebook, Instagram, and Zoom. The sites were reporting that they were not supported on Safari. A MacRumors forum member suggested this was because the user agent had been changed to include an ‘(a)’ on the end – which meant some websites didn’t recognize the browser.

If that is indeed the case, then it’s of course a trivial matter to fix, so we should see the update pushed again shortly.

iPhone wallpaper: Adnan Mistry/Unsplash

Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Guides

Facebook

Facebook

Facebook is the most popular social media servic…
Instagram

Instagram

Instagram is a social media service owned by Fac…
Security iOS 16 Safari zoom

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear

Dell 49-inch curved monitor

Dell 49-inch curved monitor