On Monday, Apple released its first batch of Rapid Security Response (RSR) patches, iOS 16.4.1 (a), iPadOS 16.4.1 (a), and macOS 13.3.1 (a), for iPhone and iPad, and macOS devices, respectively.
RSR is a new type of software patch delivered between Apple’s regular, scheduled software updates. Previously, Apple security fixes came bundled along with features and improvements, but RSRs only carry security fixes. They’re meant to make the deployment of security improvements faster and more frequent. According to an Apple notice about RSRs, the new updates “may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist ‘in the wild’.”
Think of it as the company’s version of Microsoft’s out-of-band (OOB) patches.
“When a Rapid Security Response has been applied, a letter appears after the software version number, as in this example: macOS 13.3.1 (a),” the notice said, giving users a glimpse of how RSR versioning works.
Apple introduced Rapid Security Response updates with the launch of iOS 16, iPadOS 16, and macOS Ventura at its Worldwide Developers Conference last summer. Devices allow automatic RSR patching by default, but the company provided its users with the option to disable it. You can visit this Apple Support page to learn how you can do this on iPhone, iPad, and Mac.
If you do disable RSR, you will still receive security fixes as part of Apple’s regular software updates, just as you did previously. However, not getting a quick fix when it’s available could leave your device vulnerable to in-the-wild exploits.
Apple began testing RSR last year, with its beta testers. Monday’s patches were the first to be released to the public. Some users reported they couldn’t install the updates, even when devices successfully downloaded the patches, but that problem seems to have been resovled now, according to The Verge.
The company also didn’t make clear what security fixes RSR for iOS, iPadOS, and macOS addressed, since there were no notes released for them. Moving forward, Apple will only make RSR available to all devices running the latest version of iOS, iPadOS, and macOS.
RSRs aren’t the only recent innovation that should make it harder for criminals to exploit Apple devices. On April 21, we reported on Citizen Lab’s investigation into the effectiveness of Apple’s Lockdown Mode, a feature designed to provide a safer environment for users at a higher risk from targeted attacks, such as those developed by NSO Group, the company behind the notorious spyware Pegasus, and QuaDream. NSO Group is known to take advantage of 0-day vulnerabilities. RSRs should improve protection further by allowing Apple to patch those 0-days immediately after they’re discovered.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.