Apple Releases First Rapid Security Response Update

With iOS/iPadOS 16.4.1 and MacOS 13.3.1 Apple has created a new update category of Rapid Security Response. These are smaller, targeted updates (this first one is less than 100MB) to address a security issue. Today Apple released the first one as iOS/iPadOS 16.4.1(a) and MacOS 13.3.1(a).

ars has a good write up here: Apple uses iOS and macOS Rapid Security Response feature for the first time | Ars Technica

Apple has not yet updated its security updates page to include information about what is included in this update but hopefully that will be posted soon.

Automatic updates for Rapid Security Response Updates can be enabled/disabled separately from normal software updates. By default it should be enabled, but just incase you should check your devices by following the following steps:

  • iPhone or iPad: Go to Settings > General > Software Update > Automatic Updates, then make sure that “Security Responses & System Files” is turned on.

  • Mac: Choose Apple menu  > System Settings. Click General in the sidebar, then click Software Update on the right. Click the Show Details button next to Automatic Updates, then make sure that “Install Security Responses and system files” is turned on.

Source: About Rapid Security Responses for iOS, iPadOS, and macOS - Apple Support

My personal speculation is that these are designed and currently now being used to fight back against NSO and similar top level threats. Especially interesting is that this rapid response update comes only a couple weeks after the 16.4.1 update that patched NSO used zero-days.

Apple is a giant mega-corp and not doing anything for the sake of societal good, but their profit motive to keep customers faith in the security of Apple devices is being put to good use here to fight state-backed spyware. We should hope that other big tech companies follow their lead.