Apple earlier today released new Rapid Security Response updates for iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1 users, but Apple has pulled...
Apple earlier today released new Rapid Security Response updates for iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1 users, but Apple has pulled...
This later article makes it sound like the issue was with websites using UA sniffing:
For instance, after applying the RSR updates on an iOS device, the new user agent containing an "(a)" string is "Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.2 (a) Mobile/15E148 Safari/604.1," which prevents websites from detecting it as a valid version of Safari, thus displaying browser not supported error messages.
I hope Apple's use of the Rapid Security Response system here was mostly an infrastructure test. I would be miffed to learn that a patch for some zero day was fumbled because Facebook didn't get the decades-old memo not to use UA sniffing for feature detection.