The security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems.
Apple Rapid Security Response enabled on iOS (Source: Help Net Security)
What is Apple Rapid Security Response?
Announced nearly a year ago, the security-focused feature makes user devices automatically install security patches as they are made available.
The feature is enabled by default and can be turned off in the operating systems’ Software Update settings.
“If you choose to turn off this setting or not to apply Rapid Security Responses when they’re available, your device will receive relevant fixes or mitigations when they’re included in a subsequent software update,” Apple stated.
The feature is only available to users that run iOS 16.4.1 or later, iPadOS 16.4.1 or later, or macOS Ventura 13.3.1 or later.
No info about the fixed vulnerabilities
Unfortunately, Apple was and continues to be tight-lipped about the nature of the security patches that will be delivered via Rapid Security Response.
Yesterday’s security update alert points to the following “explanation”: “[Rapid Security Responses] deliver important security improvements between software updates – for example, improvements to the Safari web browser, the WebKit framework stack or other critical system libraries. They may also be used to mitigate some security issues more quickly, such as issues that may have been exploited or reported to exist.”
The Apple Security Updates page doesn’t show release notes for this novel security patch, designated as iOS/iPadOS 16.4.1(a) and MacOS 13.3.1(a). (The company is usually terse when it comes to clarifying fixed and exploited vulnerabilities affecting their products.)
In any case, keeping the feature switched on is a good idea for all users, and especially for those at higher risk of targeted attacks. The latter can also take advantage of Apple’s Lockdown Mode, which has recently foiled a zero-day exploit.