July 27, 2023

iOS 16.5.1

Platform(s) Affected
Entry Type
Security Guidance
Threat Type


Apple released a Rapid Security Response (RSR) late last week to address a vulnerability affecting all iPhones and iPads. The vulnerability is tracked as CVE-2023-37450 and is fixed by 16.5.1(c) or later. It is a remote code execution vulnerability in WebKit, which is the basis of Apple’s cross-platform web browser, i.e. the engine that powers Safari and other third-party web browsers for iOS. Apple has reported that it is aware of the vulnerability being exploited in the wild. The vulnerability is also part of CISA guidelines for federal agencies to fix by August 03, 2023.

It is unclear whether Apple will release a patch for CVE-2023-37450 for older iPhone models, as version 15.7.8 doesn’t cover CVE-2023-37450.

Lookout Analysis

While limited information has been made available about the vulnerability, the fact that its remote code execution capability is being exploited in the wild makes it critical enough to be patched. We strongly recommend that iPhone and iPad users keep automatic updates enabled for RSR so that these security fixes are applied as soon as they are released.

It is likely that the vulnerability can be exploited when a device processes maliciously crafted web pages, giving the attacker higher privileges. While we currently do not have a way to mark devices out of compliance for the RSR versions, our multifaceted approach protects mobile users from malicious phishing campaigns that are built to exploit these vulnerabilities. Lookout will also detect if an attacker successfully compromises the device at the OS level. We recommend broadcasting the importance of installing the RSR version to ensure that this primary level of defense is in place.
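One way to flag devices that lack the fix from an inventory export, as an added example that is not Lookout's or Apple's code. It assumes versions are reported as strings such as "16.5.1 (c)", that RSR letters sort alphabetically within one base version, and that every release before 16 lacks the fix, as the advisory reports for 15.7.8; the function names and sample inventory are hypothetical.

```python
import re

# Fixed release per the advisory: 16.5.1(c) or later.
FIXED_BASE, FIXED_RSR = (16, 5, 1), "c"
# Accepts "16.6", "16.5.1", "16.5.1(c)" and "16.5.1 (c)" (assumed formats).
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:\(([a-z])\))?\s*$")

def parse_version(text):
    """Return ((major, minor, patch), rsr_letter) or None if unparseable."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, rsr = m.groups()
    return (int(major), int(minor), int(patch or 0)), (rsr or "")

def has_fix(text):
    """True if covered, False if not, None when the string cannot be parsed."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    base, rsr = parsed
    if base[0] < 16:
        # Assumption from the advisory: 15.7.8 does not cover CVE-2023-37450.
        return False
    if base != FIXED_BASE:
        return base > FIXED_BASE
    # Same base version: no RSR ("") and "a" both sort before "c".
    return rsr >= FIXED_RSR

def out_of_compliance(inventory):
    """Device names that lack the fix or report an unparseable version."""
    return [name for name, version in inventory if has_fix(version) is not True]

# Constructed sample inventory (device names and versions are illustrative).
SAMPLE = [
    ("ipad-lobby", "16.5.1"),
    ("iphone-exec", "16.5.1 (c)"),
    ("iphone-dev", "16.5.1(a)"),
    ("iphone-old", "15.7.8"),
    ("ipad-new", "16.6"),
    ("iphone-unknown", "unknown"),
]

if __name__ == "__main__":
    for device in out_of_compliance(SAMPLE):
        print("needs update:", device)
```

Unparseable versions are reported alongside unpatched ones so that a device with missing inventory data is reviewed rather than silently passed.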

