Apple tries again to patch a serious WebKit flaw by disseminating iOS 16.5.1 (c)
Back on June 21st, Apple disseminated iOS 16.5.1 and iPadOS 16.5.1. But soon it was discovered that the updates had a flaw in the WebKit browser engine that could lead an attacker to create an arbitrary code execution which would allow said attacker to run any command or code on a targeted device. That is a serious problem and to top it off, Apple said that it had reports that the vulnerability was being actively exploited.
Instead of having to develop iOS 16.5.2 and iPadOS 16.5.2, Apple decided to use its Rapid Security Response feature to push out iOS 16.5.1 (a) and iPadOS 16.5.1 (a). These updates can be installed in a matter of minutes and can be quickly disseminated to Apple device users to patch a serious vulnerability such as the one that was supposed to be patched by Monday's update. Note that we said that the update was "supposed" to patch the flaw. That's because the updates sent out to fix the WebKit issue on Monday had issues of their own.
Apple releases iOS 16.5.1 (c) and iPadOS 16.5.1 (c) using the Rapid Security Response
According to several iPhone and iPad users, the updates changed the user agent for Safari. The user agent tells a server information about the device requesting content from it so the server knows what information to send out. For example, the user agent will determine whether a request to see a phone manufacturer's website should return the U.S. site with models sold in the States priced in Dollars, or whether it should show the site created for European buyers that lists models offered on the continent with prices posted in Euros.
As a result of the issue with the user agent, iPhone, and iPad users complained that they were not able to access sites like Zoom, Facebook, and Instagram after installing iOS 16.5.1 (a) and iPadOS 16.5.1 (a). Apple, realizing that there was a problem with the updates, pulled them yesterday and even included directions on how to delete them. But if you haven't deleted the updates, don't worry. Apple has now released iOS 16.5.1 (c) and iPadOS 16.5.1 (c).
We said the other day that the vulnerability was too serious for Apple not to push out another patch right away, and now it has happened. To download and install the updates, go to Settings > General > Software Updates and follow the directions. Hopefully, Apple won't be taking these updates back.
Things that are NOT allowed: